Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

XSS in PBLang 4.65 Profile.php/UCP.php

from [r0xes] Network Security [Permanent Link]
Subject: XSS in PBLang 4.65 Profile.php/UCP.php
Date: 26 Nov 2005 12:10:19 -0000 
**************************************************
**Who's got the magic stick? It sure as hell ain't
**50 Cent.****************************************
**********

Excuse me for posting again (within minutes) but I did not properly check the 
other forms.

In UCP.php, when editing your profile, in several fields you can inject code 
into the page, just as in the SendPm.php.

EX: Input table: "URL"
'';!--"<script>alert(String.fromCharCode(88,83,83));   </script>

The reason we cannot just do alert("sometext"); here is because this time our 
input is filtered and the quotes have \'s before them (single or not).

All field areas (besides password) are useable. I could not try alias as the 
board would not allow me to do so.
Even the email field is vulnerable, so long as you put an email first (like 
dude@what.com'';!--"<mycode>).

In "User Options", signature or 'saying' are not vulnerable, but URL Avatar is.

Again,
comments - suggestions - questions - flames - r0xes at 7NA dot org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • XSS in PBLang 4.65 Profile.php/UCP.php, r0xes <=
Previous by Date:  Advisory 23/2005: vTiger multiple vulnerabilities, Christopher Kunz
Next by Date:  Re: XSS on Yahoo Mail, Steven Champeon
Previous by Thread:  Advisory 23/2005: vTiger multiple vulnerabilities, Christopher Kunz
Next by Thread:  Webistanbul Control Panel Sql Injection, khc
Indexes:  [Date] [Thread] [Top] [All Lists]