Securityvulns SECURITYVULNS:DOC:14999
Nov 10, 2006 - 12:00 a.m.

Wheatblog [multiple xss (post) & full path disclosure]

vendor site: http://wheatblog.sourceforge.net/
product : Wheatblog
bug: multiple xss (post) & full path disclosure
risk : medium

xss post :
/add_comment.php
vulnerable fields :

  • Name
  • WWW
  • Comment

impact: an attacker can steal the cookie of every person who views the comments.

full path disclosure :
/index.php?postPtr[]=1&next=1
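
A defensive sketch covering both issues, added here as an example and not taken from Wheatblog or from the advisory: the three comment fields are encoded on output, and a numeric parameter is rejected when it arrives as an array, as in `postPtr[]=1`. All function names and array keys are hypothetical, and it assumes the path disclosure comes from PHP error output shown to the client.

```php
<?php
// Hypothetical helpers: Wheatblog's real function and variable names
// are not shown in the advisory.
ini_set('display_errors', '0');   // never send PHP warnings (and file paths) to the client
ini_set('log_errors', '1');       // keep them in the server log instead

// Encode a value for an HTML text or quoted-attribute context.
function esc_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs for the WWW field; other schemes
// and malformed input are dropped.
function safe_www(string $url): ?string {
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Render one stored comment with Name, WWW and Comment all encoded.
function render_comment(array $c): string {
    $name = esc_html((string)($c['name'] ?? ''));
    $www  = safe_www((string)($c['www'] ?? ''));
    $body = nl2br(esc_html((string)($c['comment'] ?? '')));
    $author = $www === null
        ? $name
        : '<a href="' . esc_html($www) . '" rel="nofollow">' . $name . '</a>';
    return "<div class=\"comment\"><b>$author</b><p>$body</p></div>";
}

// Read a numeric query parameter. An array value (postPtr[]=1) or any
// non-digit string yields null, so the caller can answer with a 400
// instead of passing an unexpected type deeper into the code.
function int_param(array $query, string $key): ?int {
    $v = $query[$key] ?? null;
    return (is_string($v) && ctype_digit($v)) ? (int)$v : null;
}

// Constructed sample input, not taken from the advisory.
$sample = ['name' => '<script>alert(1)</script>',
           'www' => 'javascript:alert(1)',
           'comment' => '<img src=x onerror=alert(1)>'];
echo render_comment($sample), "\n";
var_dump(int_param(['postPtr' => ['1'], 'next' => '1'], 'postPtr'));
var_dump(int_param(['postPtr' => ['1'], 'next' => '1'], 'next'));
```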

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: [email protected]