|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: 24 Aug 2004 22:04:46 -0000 Message-ID: <20040824220446.28448.qmail@www.securityfocus.com> Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 From: Nikyt0x Argentina <nikyt0x@hotmail.com> To: bugtraq@securityfocus.com [Nikkyt0x Advisory] #0000-0001 [PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities] Software: PHP Code Snippet Library Vendor: http://www.php-csl.com/ Date: 24/08/2004 Author: Nikyt0x [ nikyt0x@hotmail.com ] Site: http://nikyt0x.webcindario.com Advisory URL: http://nikyt0x.webcindario.com/0001.txt Vamos Argentina ! [ Description ] It was designed to help PHP programmers store commonly used code in a central repository. Code can be stored in categories for easy managment. [ Vulnerability ] PHP Code Snippet Library not have html filters in: >cat_select >show [ Proof of concept ] http://localhost/[path]/index.php?cat_select=[XSS] http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS] Example: http://nikyt0x.webcindario.com/1.jpg
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |