securityvulns: SECURITYVULNS:DOC:12738
May 20, 2006 - 12:00 a.m.

Newswriter v1.0 Remote XSS Exploit


      - Newswriter v1.0 Remote XSS Exploit -

-= http://colander.altervista.org/advisory/Newswriter.txt =-

		-= Newswriter v1.0 =-

Omnipresent
May 20, 2006

Vulnerability(s):

XSS Exploit

Product:

Newswriter v1.0

Vendor:

http://newswriter2005.sourceforge.net/

Description of product:

Newswriter is software that lets you write, administer, illustrate and show your news.

Vulnerability / Exploit:

The application is vulnerable to an XSS attack once someone is logged in to the application as administrator.

PoC / Proof of Concept:

After the administrator or a malicious person gets access to the Administrator Panel, if he inserts a comment like:

<script>alert("You are vulnerabile to XSS")</script>

When a user visits this page:

http://127.0.0.1/[path_of_newswriter]/index.php

he sees the alert message.
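
The behaviour described above means stored comment text reaches the page without output encoding. As an added example (not Newswriter's own code and not from the advisory author; the function names and sample rows are hypothetical), the unencoded rendering pattern beside a hardened one:

```php
<?php
// Added example: hypothetical rendering code, not Newswriter's actual source.

// Constructed sample data: the second row is the advisory's PoC comment.
$comments = [
    ['author' => 'admin', 'text' => 'Site maintenance on Friday.'],
    ['author' => 'admin', 'text' => '<script>alert("You are vulnerabile to XSS")</script>'],
];

// Vulnerable pattern: stored text is concatenated into the page unchanged,
// so the browser parses the <script> element and runs it for every visitor.
function render_comment_unsafe(array $c): string
{
    return '<div class="comment"><b>' . $c['author'] . '</b>: ' . $c['text'] . "</div>\n";
}

// Hardened pattern: encode every stored field at output time for the HTML
// body context. ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces
// invalid byte sequences instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment_safe(array $c): string
{
    return '<div class="comment"><b>' . h($c['author']) . '</b>: ' . h($c['text']) . "</div>\n";
}

// Defence in depth: a policy without 'unsafe-inline' blocks inline script
// even if one output path is missed. Only sent when running under a web server.
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Print both renderings so the difference in the emitted markup is visible.
foreach ($comments as $c) {
    echo "unsafe: ", render_comment_unsafe($c);
    echo "safe:   ", render_comment_safe($c);
}
```

Encoding is applied when the comment is written into the page rather than when it is saved, so rows already stored in the database are covered as well.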

Additional Information:

google dorks: Copyright © 2004 Udo Seiler - Webfire.org NewsWriter

Vendor Status

Not informed!

Credits:

omnipresent