Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Geeklog <= v1.6.0sr2 - Remote File Upload

From: 啊賢. <underclasslv () gmail com>
Date: Mon, 5 Oct 2009 11:14:07 +0800
Successful exploitation requires the ability to execute the uploaded

JavaScript.

The Geeklog Forum program can be used as an attack vector since it does

not

properly validate many $_GET / $_POST variables.

Could you give us some more details about these XSS vulnerabilities ? :)

Cause all I see here is a RCE in the admin panel.
You confirm that there are XSS but we don't have any details about

them...


The
easy one is when the forum allows anonymous posts and is configured for
text posts.  The anonymous user name is never filtered, so you can put
anything there, including a reference to the javascript uploaded as the
user profile image..



<script src="../images/userphotos/username.jpg"></script>

How about the php flaw?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: