BugTraq
Back to list
|
Post reply
ChipmunkBlogger improper input sanitizing
May 06 2006 12:54PM
zerogue gmail com
ChipmunkBlogger improper input sanitizing
Discovered by: Nomenumbra
Date: 6/4/2006
impact:moderate (privilege escalation,possible defacement)
Posts (potentially made by lower-privilege members) and profile names aren't properly sanitized, thus resulting
in being vulnerable to the following kind of XSS injection:
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
The photo gallery input isn't sanitized either, by giving the following
input as an url we have a nice XSS attack:
javascript:alert(%27xss%27)
Nomenumbra/[0x4F4C]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Discovered by: Nomenumbra
Date: 6/4/2006
impact:moderate (privilege escalation,possible defacement)
Posts (potentially made by lower-privilege members) and profile names aren't properly sanitized, thus resulting
in being vulnerable to the following kind of XSS injection:
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
The photo gallery input isn't sanitized either, by giving the following
input as an url we have a nice XSS attack:
javascript:alert(%27xss%27)
Nomenumbra/[0x4F4C]
[ reply ]