PHPSimple Choose v0.3

Published: 2006.05.31
Credit: luny youfucktard com
Risk: Low
CWE: N/A
CVE: CVE-2006-2639
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

PHPSimple Choose v0.3

Homepage:

http://phpsimplechoose.sourceforge.net

Description:

Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and have one randomly chosen. Every bit of text is changeable, and we are working on allowing you to choose how many text boxes there are. We have also integrated many <span> elements to allow CSS customization.

Affected files:

Input forms on PHPSimpleChoose

The input forms don't sanitize user input before writing it into the dynamically generated output. This could allow users to insert malicious data, such as script, into the generated page.

Proof of concept:

Try entering [IMG SRC=javascript:alert('XSS')] in the input boxes.
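
The flaw described above next to a hardened form, as an added example that is not part of the original advisory and is not PHPSimpleChoose's own code. The function names, the "choice" CSS class, the field names, and the length limit are hypothetical; the sample input is constructed from the advisory's proof-of-concept string written as a tag.

```php
<?php
declare(strict_types=1);

// Hypothetical sketch of a "choose one term" handler; not the project's source.
const MAX_TERM_LEN = 100; // assumed limit, not taken from the advisory

/** Keep only non-empty string fields, trimmed and length-capped. */
function collect_terms(array $post): array
{
    $terms = [];
    foreach ($post as $value) {
        if (!is_string($value)) {
            continue; // ignore nested arrays such as term[]=...
        }
        $value = trim($value);
        if ($value !== '') {
            $terms[] = substr($value, 0, MAX_TERM_LEN);
        }
    }
    return $terms;
}

/** Vulnerable pattern: raw input concatenated into the page markup. */
function render_choice_unsafe(string $term): string
{
    return '<span class="choice">' . $term . '</span>';
}

/** Hardened: encode for the HTML text context at output time. */
function render_choice_safe(string $term): string
{
    // ENT_SUBSTITUTE keeps output non-empty if the length cap split a UTF-8 byte sequence.
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span class="choice">' . $encoded . '</span>';
}

// Constructed sample submission (three text boxes, one left blank).
$post = [
    'term1' => 'pizza',
    'term2' => "<IMG SRC=javascript:alert('XSS')>",
    'term3' => '   ',
];

$terms = collect_terms($post);
echo 'chosen: ', render_choice_safe($terms[random_int(0, count($terms) - 1)]), PHP_EOL;
foreach ($terms as $t) { // compare both renderings for every submitted term
    echo 'unsafe: ', render_choice_unsafe($t), PHP_EOL;
    echo 'safe:   ', render_choice_safe($t), PHP_EOL;
}
```

In the safe rendering the submitted tag appears as literal text, because the angle brackets and quotes are emitted as HTML entities rather than markup.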



Copyright 2015, cxsecurity.com