Bugtraq mailing list archives
ChipmunkBlogger improper input sanitizing
From: zerogue () gmail com
Date: 6 May 2006 12:54:16 -0000
ChipmunkBlogger improper input sanitizing Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate (privilege escalation,possible defacement) Posts (potentially made by lower-privilege members) and profile names aren't properly sanitized, thus resulting in being vulnerable to the following kind of XSS injection: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> The photo gallery input isn't sanitized either, by giving the following input as an url we have a nice XSS attack: javascript:alert(%27xss%27) Nomenumbra/[0x4F4C]
Current thread:
- ChipmunkBlogger improper input sanitizing zerogue (May 06)