Hosting Provided By

[Aria-security] itcms 0.2 Cross-site Scripting (XSS)

From: <h4ck3riran(at)yahoo.com>
Date: Sun Jul 29 2007 - 12:05:23 EDT

[Aria-Security]

# Tilte: itcms 0.2 Cross-site Scripting (XSS)
# <www.Aria-security.Com For English >
# <www.Aria-Security.net For Persian >
# < Author: You_You >
# < Software: itcms >
# < Site Script:http://sourceforge.net/projects/itcms/ >

proof Of Concept :

local/[path]/lang-en.php?wndtitle=[Xss-script]
local/[path]/menu-ed.php?wndtitle=[Xss-script]
local/[path]/titletext-ed.php?wndtitle=[Xss-script]

Received on Mon Jul 30 11:31:12 2007

This message: [ Message body ]
Next message: Advisory(at)aria-security.net: "E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL"
Previous message: Raphael Marichez: "[ GLSA 200707-14 ] tcpdump: Integer overflow"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:10:25 EDT