Hosting Provided By

PhpGedView login page multiple XSS

From: <morin.josh(at)gmail.com>
Date: Mon Aug 27 2007 - 17:22:51 EDT

Vendor Site: http://www.phpgedview.net
Version: 4.1
Common Path: yoursite.com/genealogy/login.php

Overview: Genealogy program which allows you to view and edit your genealogy on your website. It fails to sufficiently sanitize user-supplied input data in "User Name" text box leaving password blank and pressing the "Login" button, also web address XSS.

Example:

1.XSS
2.yoursite.com/genealogy/login.php?login.php?action=login&username=">
3.yousite.com/genealogy/login.php?url=/index.php?JOSH="><iframe>
</pre><p>
Discovered by: Joshua Morin 
<span id="received"><dfn>Received on</dfn> Mon Aug 27 19:07:08 2007</span></div><div class="foot"><map id="navbarfoot" name="navbarfoot" title="Related messages"><ul class="links"><li><dfn>This message</dfn>: [ <a href="#start">Message body</a> ]<li><dfn>Next message</dfn>: <a href="0915.html" title="Next message in the list">security-alert(at)hp.com: &quot;HPSBUX02249 SSRT071442 rev.1 HP-UX Running the Ignite-UX or the DynRootDisk (DRD) get_system_info Command, Local Unqualified Configuration Change&quot;</a><li><dfn>Previous message</dfn>: <a href="0913.html" title="Previous message in the list">Amit Klein: &quot;BIND 8 EOL and BIND 8 DNS Cache Poisoning (Amit Klein, Trusteer)&quot;</a></ul><ul class="links"><li><a id="options2" name="options2"></a><dfn>Contemporary messages sorted</dfn>: [ <a href="date.html#914" title="Contemporary messages by date">By Date</a> ] [ <a href="index.html#914" title="Contemporary discussion threads">By Thread</a> ] [ <a href="subject.html#914" title="Contemporary messages by subject">By Subject</a> ] [ <a href="author.html#914" title="Contemporary messages by author">By Author</a> ] [ <a href="attachment.html" title="Contemporary messages by attachment">By messages with attachments</a> ]</ul></map></div><p><small><em>
This archive was generated by <a href="http://www.hypermail.org/">hypermail 2.1.8</a> 
: Sun Oct 28 2007 - 06:13:41 EDT
</em></small>
			</td>
		</tr>
		<tr>
			<td colspan="2">
				<table border="0" cellspacing="0" cellpadding="0" width="50%" align="center">
					<tr align="center"><td align="center">
						<hr width="50%" align="center">
						<font size="-1">
					<A HREF="http://www.pantek.com/contact.php">Contact Us</A>&nbsp;
					<A HREF="http://www.pantek.com/contact.php?subsect=legal">Legal Notices</A>&nbsp;
					<A HREF="https://orders.pantek.com/Merchant2/merchant.mvc?">Order Services Online</a>&nbsp;
					<BR>
					<A HREF="http://www.pantek.com/index.php">Pantek Home</A>&nbsp;

					<A HREF="http://www.pantek.com/contact.php?subsect=privacy">Privacy Policy</A>&nbsp;
					<A HREF="http://www.pantek.com/news.php">IT news</A>&nbsp;
					<A HREF="http://www.pantek.com/sitemap.php">Site Map</A>&nbsp;
					<A HREF="http://library.pantek.com/">Pantek Library</A>
						</font>
						<hr width="50%" align="center">
					</td></tr>
				</table>
			</td>
		</tr>
		</table>
	</body>
</html>