Computer Security

Security Advisory: TinyMuw v1.0 - XSS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] ASPListPics

  [Kil13r-SA-20060609-
3] DreamWiz Search Cross-Site Scripting Vulnerability

  [Kil13r-SA-20060609-
2] DaNaWa Search Cross-Site Scripting Vulnerability

  [Kil13r-SA-20060609-
1] Daum Search Cross-Site Scripting Vulnerability

From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date:10.06.2006
Subject:TinyMuw v1.0 - XSS

TinyMuw v1.0

Homepage:
http://www.l0j1k.com/tinyMuw/index.php

Effected files:
quickchat.php input box
videoPage.php

Input isn't sanatized before being generated in the quickchat.php chatbox. For PoC try putting:
<IMG SRC=javascript:alert('XSS')> in as your comment.

Full path disclosure error via URL Injection:

http://www.example.com/tinyMuw/videoPage.php?id=28'

Fatal error: Using $this when not in object context in
/home/user/public_html/tinyMuw/tinyMuw/video.php on line 18

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru