Network Security: Detailed info on PhpGedView login page multiple XSS

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

Subject:	PhpGedView login page multiple XSS
Date:	27 Aug 2007 21:22:51 -0000

Subject:

PhpGedView login page multiple XSS

Date:

27 Aug 2007 21:22:51 -0000

Vendor Site: http://www.phpgedview.net Version: 4.1 Common Path: yoursite.com/genealogy/login.php Overview: Genealogy program which allows you to view and edit your genealogy on your website. It fails to sufficiently sanitize user-supplied input data in "User Name" text box leaving password blank and pressing the "Login" button, also web address XSS. Example: 1.<html><font color="Red"><b>XSS</b></font></html> 2.yoursite.com/genealogy/login.php?login.php?action=login&username="><iframe> 3.yousite.com/genealogy/login.php?url=/index.php?JOSH="><iframe> Discovered by: Joshua Morin

<Prev in Thread]	Current Thread	[Next in Thread>
PhpGedView login page multiple XSS, morin . josh <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer), Amit Klein
Next by Date:	HPSBUX02249 SSRT071442 rev.1 HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change, security-alert
Previous by Thread:	BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer), Amit Klein
Next by Thread:	HPSBUX02249 SSRT071442 rev.1 HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change, security-alert
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer), Amit Klein

Next by Date:

HPSBUX02249 SSRT071442 rev.1 HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change, security-alert

Previous by Thread:

BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer), Amit Klein

Next by Thread:

HPSBUX02249 SSRT071442 rev.1 HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change, security-alert

Indexes:

[Date] [Thread] [Top] [All Lists]