[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dragonfly CMS 9.0.6.1 and prior XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Dragonfly CMS 9.0.6.1 and prior XSS
From: "HeLiOsZ RooT" <heliosz_time@xxxxxxxxxxx>
Date: Wed, 09 Aug 2006 13:32:52 +0000

## HeLiOsZ - Dark End Team - Internet Security Team
## Dragonfly CMS 9.0.6.1 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &http://www.darkend.org

## Rish : Medium
## Type : web applet

## Creator: http://www.cpgnuke.com/

## Exploit:
- The vuln is in the search section,it don't validate the imput.

To exploit this vuln you simply need an Internet Browser,you must only usea cookie

 logger to get the Portal cookies.

To know if it is vulnerable: <script>alert('This is an XSSVulnerability')</script>

## Dork: Interactive software released under GNU GPL, Code Credits, PrivacyPolicy


_________________________________________________________________

Don't just search. Find. Check out the new MSN Search!http://search.msn.com/

Prev by Date: Simple one-file GuestBook 1.0
Next by Date: Security Contact
Previous by thread: Simple one-file GuestBook 1.0
Next by thread: Security Contact
Index(es):
- Date
- Thread