
From:Kuon_(at)_Armorize.com <Kuon_(at)_Armorize.com>
Date:28.08.2006
Subject:YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

/*  
   Kuon <Armorize Security Team>

   Kuon-[at]-Armorize.com

   YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

   Contact : Kuon-[at]-Armorize.com

   Link : www.Armorize.com
*/

Armorize Technologies Security Advisory

Advisory No: 20061001
Date: 2006/08/25

Affected Software:
yapig 0.95b

Vulnerability Description:
Cross-Site Scripting Vulnerability

Detection/Exploit:
http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]

Disclosure Timeline:
2006/08/17

Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate vulnerabilities in their web application source. CodeSecure™, Armorize’s premier source code analysis tool, is available for analysis of PHP, JSP and ASP. Find out more at www.armorize.com.
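Added example (not part of the Armorize advisory or of YaPiG): a log check for the request pattern shown under Detection/Exploit, flagging hits on thanks_comment.php whose D_REFRESH_URL value carries markup characters or a script scheme after percent-decoding. The character list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter as named in the advisory; the template directory may differ per install.
TARGET = re.compile(r"/template/[^/]+/thanks_comment\.php$", re.I)
PARAM = "D_REFRESH_URL"
# Assumed heuristic: characters and schemes a plain refresh URL has no need for.
SUSPICIOUS = re.compile(r"[<>\"'`]|^\s*(javascript|data|vbscript)\s*:", re.I)
# Request line inside a common/combined access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, harmless marker values).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Aug/2006:10:00:01 +0000] "GET /gallery/template/default/thanks_comment.php?D_REFRESH_URL=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Aug/2006:10:00:05 +0000] "GET /gallery/template/default/thanks_comment.php?D_REFRESH_URL=view.php%3Fgid%3D1 HTTP/1.1" 200 498',
    '192.0.2.12 - - [25/Aug/2006:10:00:09 +0000] "GET /gallery/template/default/thanks_comment.php?D_REFRESH_URL=%253Ci%253E HTTP/1.1" 200 505',
    '192.0.2.13 - - [25/Aug/2006:10:00:12 +0000] "GET /gallery/index.php?D_REFRESH_URL=%3Cb%3E HTTP/1.1" 200 2048',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not TARGET.search(url.path):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits.append((n, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The check only reads the request line, so values sent in a POST body are not covered.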
