BugTraq
Back to list
|
Post reply
ParticleSoft Wiki v1.0.2
Jun 06 2006 12:27AM
luny youfucktard com
ParticleSoft Wiki v1.0.2
Effected files:
input boxes on editing pages:
XSS Proof of concept:
We notice br tags are allowed, so by using a STYLE attribute using a comment to break up expression we can create a XSS vuln:
Put the following in when editing a page:
<br IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
Thanks to Rsnake & Roman Ivanov for the above xss example code.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Effected files:
input boxes on editing pages:
XSS Proof of concept:
We notice br tags are allowed, so by using a STYLE attribute using a comment to break up expression we can create a XSS vuln:
Put the following in when editing a page:
<br IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
Thanks to Rsnake & Roman Ivanov for the above xss example code.
[ reply ]