Bugtraq mailing list archives
ParticleSoft Wiki v1.0.2
From: luny () youfucktard com
Date: 6 Jun 2006 00:27:40 -0000
ParticleSoft Wiki v1.0.2 Effected files: input boxes on editing pages: XSS Proof of concept: We notice br tags are allowed, so by using a STYLE attribute using a comment to break up expression we can create a XSS vuln: Put the following in when editing a page: <br IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"> Thanks to Rsnake & Roman Ivanov for the above xss example code.
Current thread:
- ParticleSoft Wiki v1.0.2 luny (Jun 06)