Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13046
HistoryJun 09, 2006 - 12:00 a.m.

[MajorSecurity #10]i.List <= 1.5 - XSS

2006-06-0900:00:00
vulners.com
10
JSON

[MajorSecurity #10]i.List <= 1.5 - XSS

Software: i.List

Version: <=1.5

Type: XSS

Date: June, 8th 2006

Vendor: Skoom

Page: http://skoom.de

Credits:

David 'Aesthetico' Vieira-Kurz

http://www.majorsecurity.de

Affected Products:

i.List 1.5 and prior

Description:

i.List is a php/mysql TOPLIST script.

Requirements:

register_globals = On

Vulnerability:

Input passed to the Inputbox in "search.php", the 'URL' inputbox
and 'ButtonURL' in "add.php" is not properly filtered and verified, before it is used.
This can be exploited to execute evil XSS-code.

Solution:

Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".

Exploitation:

In the inputbox of /search.php:
Search for: <script>alert("MajorSecurity")</script>

In the inputbox 'URL' of add.php:
Type in as URL: <script>alert("MajorSecurity")</script>

In the inputbox 'ButtonURL' of add.php:
Type in as URL: <script>alert("MajorSecurity")</script>

JSON