Bugtraq mailing list archives

HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities

From: Federico Fazzi <federico () autistici org>
Date: Thu, 15 Jun 2006 20:36:55 +0200

-----------------------------------------------------
Advisory id: FSA:017

Author:    Federico Fazzi
Date:      15/06/2006, 20:31
Sinthesis: HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
Type:      low
Product:   http://hotplugcms.com/
Patch:     unavailable
-----------------------------------------------------


1) Description:


Error occured in login1.php:



2) Proof of concept:

http://example/[hpc_path]/administration/tblcontent/login1.php?msg=[xss]

3) Solution:

echo "messages";

Current thread:

HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities Federico Fazzi (Jun 15)