Bug: PHPSimple Choose v0.3 ( Ascii Version )

Published: 2006.05.31
Credit: luny youfucktard com
Risk: Low
CWE: N/A
CVE: CVE-2006-2639
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

PHPSimple Choose v0.3

Homepage:

http://phpsimplechoose.sourceforge.net

Description:

Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and
have one randomly chosen. Every bit of text is changeable, and we are working on allowing you to choose how many text
boxes there are. We have also integrated many <span> elements to allow CSS customization.

Affected files:

Input forms on PHPSimpleChoose

The input forms don't sanitize user input before writing it into the dynamically generated page. This could allow users
to insert malicious data, such as script-bearing markup (cross-site scripting).

Proof of concept:

Try entering [IMG SRC=javascript:alert('XSS')] in the input boxes.
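
The unsanitized-output pattern described above next to a hardened form, as an added example; this is not PHPSimpleChoose's code and not part of the original advisory. The field name "terms", the CSS class "choice", the function names and the sample submission are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical reconstruction of a "pick one of the submitted terms" page.
// Not PHPSimpleChoose source: field name "terms" and class "choice" are assumed.

/** Unsafe pattern: the chosen term is written into the HTML as-is. */
function render_choice_unsafe(string $term): string
{
    return '<span class="choice">' . $term . '</span>';
}

/** Hardened: encode for the HTML context at the point of output. */
function render_choice_safe(string $term): string
{
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span class="choice">' . $encoded . '</span>';
}

/** Keep only non-empty string terms of bounded length from the form data. */
function collect_terms(array $post, int $maxLen = 200): array
{
    $terms = [];
    foreach ((array)($post['terms'] ?? []) as $raw) {
        if (!is_string($raw)) {
            continue; // drop nested arrays such as terms[0][]=x
        }
        $raw = trim($raw);
        if ($raw !== '' && strlen($raw) <= $maxLen) {
            $terms[] = $raw;
        }
    }
    return $terms;
}

// Constructed sample submission: one plain term, one term carrying markup,
// one empty box and one malformed (nested) value.
$post  = ['terms' => ['pizza', '<b>Tom & "Jerry"</b>', '  ', ['nested']]];
$terms = collect_terms($post);
$term  = $terms[1]; // fixed index so the run is repeatable; the real page picks at random

echo render_choice_unsafe($term), "\n"; // markup reaches the browser intact
echo render_choice_safe($term), "\n";   // same term, shown to the user as literal text
```

Length and type checks in collect_terms only reduce noise; the encoding in render_choice_safe is what stops submitted markup from being interpreted by the browser.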
