Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

2008.03.06
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

Cross-site Scripting and CSRF in TorrentTrader Classic v1.08 Application: TorrentTrader Classic v1.08, possible other versions. Vendor URL: http://sourceforge.net/project/showfiles.php?group_id=98584&package_id=1 809271. 1. Input passed to the msg property of account-inbox.php is not properly sanitized before being displayed to the user. A malicious authenticated user can execute arbitrary HTML and scripting code in a user's browser session in context of an affected web site. Example: http://[host]/account-inbox.php?msg=<script>alert(document.cookie)</scr ipt>&receiver=<username> 2. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. A malicious person can perform a CSRF attack. Example: http://[host]/account-inbox.php?msg=<message>&receiver=<username> Vulnerability #1 was discovered by Dominus. Original URL: http://www.securitylab.ru/vulnerability/347887.php BR, Valery Marchuk www.SecurityLab.ru


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top