Computer Security
[EN] securityvulns.ru
From: r0t <krustevs_(at)_googlemail.com>
Date: 08.10.2007
Subject: dbList XSS vuln.

dbList XSS vuln.

###############################################
Vuln. discovered by: r0t
Date: 7 October 2007
Vendor: http://www.livio.net/main/scripts.asp?file_id=24
Affected versions: dbList v8.1
Other versions may also be affected.
###############################################

dbList contains a flaw that allows remote cross-site scripting attacks. Input passed to the "table", "db", "strKeyWords", "pagesize" and
"sort" parameters isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################

Posted by r0t at 17:54
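
One way to apply the "Solution" above, as an added example that is not part of the original advisory and is not dbList's code: validate each of the five named parameters on input and HTML-encode whatever is echoed back. The advisory gives only the parameter names, so their meanings, the allow-list patterns, the limits and the `handle` page are assumptions, and Python stands in for the application's own language.

```python
import html
import re

# Assumed parameter semantics (the advisory gives only the names):
# table/db/sort are identifiers, pagesize is a row count, strKeyWords is free text.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_.]{0,63}")  # constructed allow-list
PAGESIZE = re.compile(r"[0-9]{1,3}")                      # constructed limit: 1..999
MAX_KEYWORD_LEN = 200                                     # constructed limit

def clean_params(query):
    """Validate raw query-string values; return (clean, rejected_names)."""
    clean, rejected = {}, []
    for name in ("table", "db", "sort"):
        value = query.get(name, "")
        if value == "" or IDENTIFIER.fullmatch(value):
            clean[name] = value
        else:
            rejected.append(name)
    size = query.get("pagesize", "20")
    if PAGESIZE.fullmatch(size) and int(size) >= 1:
        clean["pagesize"] = int(size)
    else:
        rejected.append("pagesize")
    # Free text cannot be allow-listed; bound its length and encode on output.
    clean["strKeyWords"] = query.get("strKeyWords", "")[:MAX_KEYWORD_LEN]
    return clean, rejected

def esc(value):
    """HTML-encode for element and quoted-attribute contexts (< > & " ')."""
    return html.escape(str(value), quote=True)

def handle(query):
    """Return (status, html_body) for a hypothetical listing page."""
    clean, rejected = clean_params(query)
    if rejected:
        # Name the bad parameters but never echo their values back.
        return 400, "<p>Invalid parameter(s): " + ", ".join(rejected) + "</p>"
    return 200, (
        f'<form><input name="strKeyWords" value="{esc(clean["strKeyWords"])}"></form>'
        f'<p>{esc(clean["table"])} sorted by {esc(clean["sort"])}, '
        f'{esc(clean["pagesize"])} rows per page</p>'
    )

# Constructed sample requests: one ordinary, two carrying markup.
SAMPLES = [
    {"table": "products", "db": "shop.mdb", "sort": "name", "pagesize": "25", "strKeyWords": "red & blue"},
    {"table": "products", "sort": "name", "strKeyWords": '"><b>x</b>'},
    {"table": "<i>t</i>", "pagesize": "25<u>"},
]
```

The encoding step is what closes the reflected-output path; the allow-lists only narrow what reaches it, so both are applied even to values that passed validation.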
