>>Cross Site Scripting:
>>-------------------------
>>You can abuse the SQL-Injections for XSS attacks.
>
>Does this occur because the XSS-style attacks are being injected into
>SQL queries, which then generate errors because the queries are
>malformed, and then PHP blindly reflects the malformed query back to
>the user without quoting XSS-relevant characters? That would seem to
>be more of a problem with the application's runtime environment
>(i.e. PHP) than JGS-Portal itself.
Try the following link:
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1<script
>alert(document.cookie);</script>
JGS-Portal doesn't report an error and the year parameter is passed unfiltered. This is definitively the problem of JGS-Portal.
If a SQL-error occurs and the error message contains Cross Site Scripting code, than you're completely right.
>>Cross Site Scripting:
>>-------------------------
>>You can abuse the SQL-Injections for XSS attacks.
>
>Does this occur because the XSS-style attacks are being injected into
>SQL queries, which then generate errors because the queries are
>malformed, and then PHP blindly reflects the malformed query back to
>the user without quoting XSS-relevant characters? That would seem to
>be more of a problem with the application's runtime environment
>(i.e. PHP) than JGS-Portal itself.
Try the following link:
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1<script
>alert(document.cookie);</script>
JGS-Portal doesn't report an error and the year parameter is passed unfiltered. This is definitively the problem of JGS-Portal.
If a SQL-error occurs and the error message contains Cross Site Scripting code, than you're completely right.
Regards,
deluxe
[ reply ]