Bugtraq mailing list archives
Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability
From: roozbeh_afrasiabi () yahoo com
Date: 1 Mar 2006 23:56:45 -0000
[ADDITIONS AND CORRECTIONS] Detail and PoC : -------------------- The application does not validate the "lid" variable upon submission to ratelink.php(*) and ratefile.php. h**p://[target]/public/modules/mylinks/ratelink.php?lid={number}">[code] h**p://[target]/public/modules/downloads/ratefile.php?lid={number}">[code] -------------------- (*)ratelink.php was later found to be vulnerable too.
Current thread:
- Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability roozbeh_afrasiabi (Mar 02)