Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

TP-Book <= 1.00 Cross Site Scripting Vulnerabilities

from [tamriel] Network Security [Permanent Link]
Subject: TP-Book <= 1.00 Cross Site Scripting Vulnerabilities
Date: 25 Jul 2006 20:16:34 -0000 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

      Advisory: TP-Book <= 1.00 Cross Site Scripting Vulnerabilities
  Release Date: 2006/07/25
 Last Modified: 2006/07/25
        Author: Tamriel [tamriel at gmx dot net]
   Application: TP-Book <= 1.00
          Risk: Low
 Vendor Status: not contacted
   Vendor Site: tobias.kloy.googlepages.com


 Overview:

   Quote from tobias.kloy.googlepages.com:

   "Das Gaestebuch verfuegt über folgende Features:
    - Anpassbare Templates
    - Viele Systeme, um Dauerspammer auszuschließen
    - Admincontrol-Panel
    - Einfache Installation durch einen Wizard"


 Details:

      In your guestbook posts the name will not be checked by the script.
      Attackers can so perform cross site scripting attacks.


 Solution:

      Take a view on PHP's htmlentities function.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3

iD8DBQFExnkWqBhP+Twks7oRAo+tAJ9xQfU3nR2GdQFpihUfYvZMRcjeOACeM5u8
9pRIeeb4mDLWby9rlVGfMsU=
=sTzT
-----END PGP SIGNATURE-----
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • TP-Book <= 1.00 Cross Site Scripting Vulnerabilities, tamriel <=
Previous by Date:  wwwThreads XSS, l2odon
Next by Date:  Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Roy Hills
Previous by Thread:  wwwThreads XSS, l2odon
Next by Thread:  Cisco VPN Concentrator IKE resource exhaustion DoS Advisory, Roy Hills
Indexes:  [Date] [Thread] [Top] [All Lists]