ROWAREZ
rowarez hacking forum
|
Lista Forumurilor Pe Tematici
|
ROWAREZ | Reguli | Inregistrare | Login
POZE ROWAREZ
Nu sunteti logat.
|
Nou pe simpatie:
irina_dragalasa la Simpatie.ro
 | Femeie
24 ani
Bucuresti
cauta Barbat
26 - 65 ani |
|
Gamer
Administrator
 Din: Transilvania
Inregistrat: acum 14 ani
Postari: 202
|
|
Code:
# Exploit Title: Winn Guestbook v2.4.8c Stored XSS
# Date: 12/29/11
# Author: G13
# Software Link: http://code.google.com/p/winn-guestbook/,
http://www.winn.ws
# Version: 2.4.8c
# Category: webapps (php)
# CVE: 2011-5026
##### Vulnerability #####
There is no sanitation on the input of the name variable. This allows
malicious scripts to be added. This is a stored XSS.
##### Vendor Notification #####
12/24/11 - Vendor Notified.
12/27/11 - Vendor Acknowledged, Patch Issued.
##### Resolution #####
Upgrade to Version 2.4.8d
##### Affected Variables #####
name=[XSS]
##### Exploit #####
The script can be added right in the page, there is no filtering of
input. This can easily be exploited if the email address used is added
to the "approved posters" list. |
_______________________________________
Citeşte regulamentul forumului aici.
|
|
| pus acum 14 ani |
|