Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Mambo component "jambook" Html injection Vulnerability

from [0o_zeus_o0 elitemexico.org] Network Security [Permanent Link]
Subject: [Full-disclosure] Mambo component "jambook" Html injection Vulnerability
Date: Sun, 26 Nov 2006 19:25:46 +0100 
###########################################################################
# Advisory #14 Title: Mambo component "jambook" Html injection Vulnerability

#
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus at diosdelared.com
# Website: www.diosdelared.com
# Date: 26/11/06
# Risk: medium
# Vendor Url: http://www.jxdevelopment.com/jambook
# Affected Software: jambook
# search: allinurl: com_jambook
#
#Info:
##################################################################
#can be exploited by malicious people to conduct script insertion attacks.
#
#Input passed to the "Entry" field isn't sanitised before being stored in
the guestbook.
#
#This can be exploited to execute arbitrary script code in a user's browser
session
#
#in context of an affected website when a malicious guestbook entry is
viewed.
#
#
#example
##################################################################
#
#<iframe src=www.webos.com >
#
#
##################################################################
#
#
#
#VULNERABLE VERSIONS
##################################################################
# 1.0
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus at diosdelared.com
#www.diosdelared.com
##################################################################
#greetz: S.S.M, sams, a mi beba
#Original Advisory: http://diosdelared.com/14.txt
##################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Mambo component "jambook" Html injection Vulnerability, 0o_zeus_o0 elitemexico.org <=
Previous by Date:  mAlbum v0.3 local file inclusion, tux025
Next by Date:  [Full-disclosure] iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability, iDefense Labs
Previous by Thread:  mAlbum v0.3 local file inclusion, tux025
Next by Thread:  [Full-disclosure] iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]