Full Disclosure mailing list archives
Re: Geeklog <= v1.6.0sr2 - Remote File Upload
From: 啊賢. <underclasslv () gmail com>
Date: Mon, 5 Oct 2009 11:14:07 +0800
Successful exploitation requires the ability to execute the uploaded
JavaScript.
The Geeklog Forum program can be used as an attack vector since it does
not
properly validate many $_GET / $_POST variables.Could you give us some more details about these XSS vulnerabilities ? :) Cause all I see here is a RCE in the admin panel. You confirm that there are XSS but we don't have any details about
them...
The easy one is when the forum allows anonymous posts and is configured for text posts. The anonymous user name is never filtered, so you can put anything there, including a reference to the javascript uploaded as the user profile image..
<script src="../images/userphotos/username.jpg"></script>
How about the php flaw?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Geeklog <= v1.6.0sr2 - Remote File Upload 啊賢 . (Oct 04)