iFdate v1.2

2006-05-30 / 2006-05-31

Credit: luny youfucktard com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2664

CWE: CWE-Other

CVSS Base Score: 5.8/10

Impact Subscore: 4.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: None

((sorry if youget this twice, the reply page timed out))
iFdate v1.2
Homepage:
http://www.ifusionservices.co.uk/products/product_ifdate.php
Description:
Packed full of great features, it supports themes and looks sleek, your users will be able to create & customize their very own profile page, upload pictures, rate users, create blogs. You can even upgrade them to premium tools and so much more, iFdate gives you the best performance on what a community site needs!
Effected files:
all input boxes
XSS attack is possible if you put this in the login box as username and pw:
'';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<IMG SRC=javascript:alert('XSS')>'';!--"<XSS>=&{()}'';!--"<XS
S>=&{()}
It should also be noted that all input boxes on the site for editing your profile, sending messages, posting in the forum, along with any other input box that doesnt sanatize user input before dynamically generating it isvulnerable.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

iFdate v1.2

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.