Computer Security

Security Advisory: Dragonfly CMS 9.0.6.1 and prior XSS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  PHPMyRing <= 4.2.0 (view_com.
php) Remote SQL Injection

  Yabb XSS

  TinyWebGallery v1.5 ( image ) Remote Include Vulnerability

  Directory Traversal vulnerability in IPCheck Monitor Server

From:piiiiiii pppiiiiiiii <heliosz_time_(at)_hotmail.com>
Date:11.08.2006
Subject:Dragonfly CMS 9.0.6.1 and prior XSS

## HeLiOsZ - Dark End Team - Internet Security Team
## Dragonfly CMS 9.0.6.1 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &
http://www.darkend.org
## Rish : Medium
## Type : web applet

## Creator: http://www.cpgnuke.com/

## Exploit:
- The vuln is in the search section,it don't validate the imput.
To exploit this vuln you simply need an Internet Browser,you must only use
a cookie
logger to get the Portal cookies.
To know if it is vulnerable: <script>alert('This is an XSS
Vulnerability')</script>

## Dork: Interactive software released under GNU GPL, Code Credits, Privacy
Policy

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.com/
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server