BugTraq
Back to list
|
Post reply
episodex guestbook security bypass & html injection
May 20 2005 02:25AM
farhad koosha (farhadkey yahoo com)
Vendor URL : http://www.episodex.de
HTML Injection :
"Name" & other fields in "default.asp" are not validated.
Script code will be executed in the user's browser session, when the entry is viewed.
Security Bypass :
It is possible to edit settings without authentication by accessing the scripts "admin.asp"
http://www.bahadorlover.com
3nitroToloen (!)
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Vendor URL : http://www.episodex.de
HTML Injection :
"Name" & other fields in "default.asp" are not validated.
Script code will be executed in the user's browser session, when the entry is viewed.
Security Bypass :
It is possible to edit settings without authentication by accessing the scripts "admin.asp"
http://www.bahadorlover.com
3nitroToloen (!)
[ reply ]