Network Security: Detailed info on Wikepage Wiki v.2007-2 Cross-Site Scripting

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

Subject:	Wikepage Wiki v.2007-2 Cross-Site Scripting
Date:	18 Apr 2008 08:13:02 -0000

Subject:

Wikepage Wiki v.2007-2 Cross-Site Scripting

Date:

18 Apr 2008 08:13:02 -0000

Wikepage Wiki v.2007-2 Cross-Site Scripting Author: Gerendi Sandor Attila Date: April 09, 2008 Package: Wikepage Wiki Product homepage: http://wikepage.org/ Versions Affected: v.2007-2 (Other versions may also be affected) Severity: XSS Input passed to "wiki" in "index.php" is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when malicious data is viewed. Example: http://somehost/wikepage_2007_2/index.php?wiki=test%22%20onclick=%22alert(1)%22%20%20bla=%22 Status: 1. Contacted the author at April 09, 2008 via sourceforge tracker (no response).

<Prev in Thread]	Current Thread	[Next in Thread>
Wikepage Wiki v.2007-2 Cross-Site Scripting, darkz . gsa <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	LightNEasy v.1.2.2 flat Multiple Vulnerabilities, darkz . gsa
Next by Date:	[Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Alexander Konovalenko
Previous by Thread:	LightNEasy v.1.2.2 flat Multiple Vulnerabilities, darkz . gsa
Next by Thread:	[Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Alexander Konovalenko
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

LightNEasy v.1.2.2 flat Multiple Vulnerabilities, darkz . gsa

Next by Date:

[Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Alexander Konovalenko

Previous by Thread:

LightNEasy v.1.2.2 flat Multiple Vulnerabilities, darkz . gsa

Next by Thread:

[Full-disclosure] Injecting spam into Google Web History via I'm Feeling Lucky queries, Alexander Konovalenko

Indexes:

[Date] [Thread] [Top] [All Lists]