BugTraq
Back to list
|
Post reply
Youtube Clone Xross Site Scripting (load_message.php)
Feb 01 2008 09:34PM
ciucciamilcalzino ciuccazzamelo it
Discovered by Smasher
CMS: Youtube Clone Script
Site: http://warwolfz.altervista.org
WarWolfZ Security Crew.
Hello i don't know if this vuln is already out , but i've searched in securityfocus and is not present.
Bug found in load_message.php at line 4:
<?php echo $lang['please_wait']; ?>
Ex: http://localhost/youtube/siteadmin/editor_files/includes/load_message.ph
p?lang[please_wait]=[XSS]
Fix:
<?php echo htmlspecialchars($lang['please_wait']); ?>
Greetz.
Smasher.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
CMS: Youtube Clone Script
Site: http://warwolfz.altervista.org
WarWolfZ Security Crew.
Hello i don't know if this vuln is already out , but i've searched in securityfocus and is not present.
Bug found in load_message.php at line 4:
<?php echo $lang['please_wait']; ?>
Ex: http://localhost/youtube/siteadmin/editor_files/includes/load_message.ph
p?lang[please_wait]=[XSS]
Fix:
<?php echo htmlspecialchars($lang['please_wait']); ?>
Greetz.
Smasher.
[ reply ]