Full Disclosure mailing list archives
Mambo component "jambook" Html injection Vulnerability
From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan () gmail com>
Date: Sun, 26 Nov 2006 19:25:46 +0100
###########################################################################
# Advisory #14 Title: Mambo component "jambook" Html injection Vulnerability
#
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus at diosdelared.com
# Website: www.diosdelared.com
# Date: 26/11/06
# Risk: medium
# Vendor Url: http://www.jxdevelopment.com/jambook
# Affected Software: jambook
# search: allinurl: com_jambook
#
#Info:
##################################################################
#can be exploited by malicious people to conduct script insertion attacks.
#
#Input passed to the "Entry" field isn't sanitised before being stored in the guestbook.
#
#This can be exploited to execute arbitrary script code in a user's browser session
#
#in context of an affected website when a malicious guestbook entry is viewed.
#
#
#example
##################################################################
#
#<iframe src=www.webos.com >
#
#
##################################################################
#
#
#
#VULNERABLE VERSIONS
##################################################################
# 1.0
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus at diosdelared.com
#www.diosdelared.com
##################################################################
#greetz: S.S.M, sams, a mi beba
#Original Advisory: http://diosdelared.com/14.txt
##################################################################
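
The stored "Entry" field issue described in the advisory, shown as the vulnerable rendering pattern beside an output-encoded one, with a check for flagging already-stored entries that contain markup. This is an added example, not part of the original post and not jambook's code; the function names, the row layout and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: hypothetical guestbook rendering, not jambook source code.

// Constructed sample rows, shaped as they might come back from a guestbook table.
$entries = [
    ['author' => 'alice',   'entry' => "Nice site!\nSee you soon."],
    ['author' => 'mallory', 'entry' => '<iframe src=www.webos.com >'], // the advisory's example
];

// Vulnerable pattern: stored text is concatenated into the page as markup,
// so any tag in the entry becomes part of the document every visitor loads.
function render_entry_unsafe(array $row): string
{
    return '<div class="entry"><b>' . $row['author'] . '</b>: ' . $row['entry'] . '</div>';
}

// HTML-encode a stored value at output time. ENT_QUOTES also covers values
// placed inside quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: encode every stored field first, then apply nl2br() so
// the only markup in the entry is the <br> tags the renderer adds itself.
function render_entry_safe(array $row): string
{
    return '<div class="entry"><b>' . h($row['author']) . '</b>: '
         . nl2br(h($row['entry'])) . '</div>';
}

// Audit helper for rows stored before the fix: true when the entry
// contains anything strip_tags() would remove.
function entry_has_markup(array $row): bool
{
    return $row['entry'] !== strip_tags($row['entry']);
}

foreach ($entries as $row) {
    echo 'unsafe: ', render_entry_unsafe($row), "\n";
    echo 'safe:   ', render_entry_safe($row), "\n";
    echo 'flag:   ', entry_has_markup($row) ? 'review this entry' : 'ok', "\n\n";
}
```

Encoding at output time protects the page even when older rows already hold markup; the audit helper only identifies those rows for review.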