EJ3 TOPo - Cross Site Scripting Vulnerability

mail Tue, 28 Feb 2006 09:30:08 -0800

- Advisory: EJ3 TOPo Cross Site Scripting Vulnerability
- Author: Yunus Emre Yilmaz || Yns [EMAIL PROTECTED]


- Application: EJ3 TOPo ( http://ej3soft.ej3.net )
- Affected Version : v2.2.178 ( maybe older versions..)
- Risk : Critical

 Details : If an attacker access /code/inc_header.php directly , he can bypass 
$gTopNomBer variable.(Register_globals must be on)

Problem is about not defining or filtering the variable.

 Proof Of Concept : access /code/inc_header.php like
inc_header.php?gTopNombre=><script>alert(document.cookie)</script>

and print users cookie.So an attacker can escape admins cookie.

 Release Date: 2006/02/28
 Contacted to vendor : 2006/02/28

EJ3 TOPo - Cross Site Scripting Vulnerability

Reply via email to