####################################################
Flyspray "The bug killer" multiple variable Cross-Site Scripting
vendor url:http://flyspray.rocks.cc/
Vendor specific bug report: http://flyspray.rocks.cc/bts/task/703
Advisore:http://lostmon.blogspot.com/2005/10/
flyspray-bug-killer-multiple-variable.html
vendor notify:yes exploit available:yes
OSVDB ID:20326
Secunia:17316
BID:15209
#####################################################
Flyspray is an uncomplicated, web-based bug tracking system for
assisting with software development.
Flyspray "The bug killer" contains a flaw that allows a remote
cross site scripting attack.This flaw exists because the application
does not validate multiple variables upon submission to index.php
script.This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the trust
relationship between the browser and the server,
leading to a loss of integrity.
##################
versions
##################
Flyspray 0.9.7
Flyspray 0.9.8
Flyspray 0.9.8 (devel)
##################
solution
##################
Update to version Flyspray 0.9.8 update1
###################
TimeLine
###################
Discovered:20-10-2005
Vendor notify:24-10-2005
Vendor response:25-10-2005
Disclosure:26-10-2005
####################
Examples
####################
http://[victim]/index.php?PHPSESSID=270ca5a0f7c1e5b2fd4c
52b34cdfe546&tasks=&project=1&string=lala&type=&sev=&due=
&dev=&cat=&status=&perpage=20
variables PHPSESSID, task,string,type,serv,due,dev are
afected by XSS flaws.
http://[victim]/index.php?tasks=all%22%3E%3Cscript
%3Ealert%28%29%3C%2Fscript%3E&project=0
variable task afected.
http://[victim]/index.php?order=sev&project=1&tasks=&type=
&sev=&dev=&cat=&status=&due=&string=&perpage=20&pagenum=0&
sort=desc&order2=&sort2=desc
task,type,due,string,sort2, these variables are
afected by XSS flaws.
########################## €nd #############################
thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Comersus BackOffice Plus Cross site scripting
Sunday, October 16, 2005
#####################################################
Comersus BackOffice Plus Cross site scripting
Vendor url:http://www.comersus.com/demo.html
Advisore:http://lostmon.blogspot.com/2005/10/
comersus-backoffice-plus-cross-site.html
vendor notify:yes exploit available:yes
OSVDB ID:20032
Secunia:17219
Securitytracker:1015064
BID:15118
######################################################
Comersus BackOffice Plus contains a flaw that allows a remote
cross site scripting attack.This flaw exists because the
application does not validate some variables upon submission to
comersus_backoffice_searchItemForm.asp script.This could allow
a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server,leading to a loss of integrity.
#############
version:
##############
Comersus Backoffice plus
###########
solution:
###########
No solution was available at this time.
####################
Timeline
####################
discovered: 24-09-2005
vendor notify:28-09-2005
vendor response:28-09-2005
vendor especific bug report: 7-10-2005
Vendor response:-----------
disclosure: 16-10-2005
##################
Proof of comcept:
##################
For exploit this flaw you must be logged...
http://[victim]/backOfficePlus/comersus_backoffice_searchItemForm.asp?
forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&
forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE]
all variables are vulnerables to Cross site
scripting
##################### €nd #####################
Thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Comersus BackOffice Plus Cross site scripting
Vendor url:http://www.comersus.com/demo.html
Advisore:http://lostmon.blogspot.com/2005/10/
comersus-backoffice-plus-cross-site.html
vendor notify:yes exploit available:yes
OSVDB ID:20032
Secunia:17219
Securitytracker:1015064
BID:15118
######################################################
Comersus BackOffice Plus contains a flaw that allows a remote
cross site scripting attack.This flaw exists because the
application does not validate some variables upon submission to
comersus_backoffice_searchItemForm.asp script.This could allow
a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server,leading to a loss of integrity.
#############
version:
##############
Comersus Backoffice plus
###########
solution:
###########
No solution was available at this time.
####################
Timeline
####################
discovered: 24-09-2005
vendor notify:28-09-2005
vendor response:28-09-2005
vendor especific bug report: 7-10-2005
Vendor response:-----------
disclosure: 16-10-2005
##################
Proof of comcept:
##################
For exploit this flaw you must be logged...
http://[victim]/backOfficePlus/comersus_backoffice_searchItemForm.asp?
forwardTo1=[XSS-CODE]comersus_backoffice_listAssignedCategories.asp&
forwardTo2=[XSS-CODE]&nameFT1=[XSS-CODE]Select&nameFT2=[XSS-CODE]
all variables are vulnerables to Cross site
scripting
##################### €nd #####################
Thnx to estrella to be my ligth
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
CubeCart™ 3.0.3 multiple variable Cross site scripting
Wednesday, September 28, 2005
################################################
CubeCart™ 3.0.3 multiple variable Cross site scripting
Vendor url: www.cubecart.com
bug report:http://bugs.cubecart.com/?do=details&id=363
Advisore:http://lostmon.blogspot.com/2005/09/
cubecart-303-multiple-variable-cross.html
vendor confirmed: yes exploit avalable: yes
Fix available: yes
OSVDB ID:19860,>19861
Securitytracker:1014984
BID:14962
################################################
CubeCart contains a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate
some variables upon submission to cart.php and index.php scripts.
This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the trust
relationship between the browser and the server,leading to a
loss of integrity.
###############
VERSIONS
###############
CubeCart™ 3.0.3 vulnerable
CubeCart™ 3.0.4 not vulnerable
#################
Timeline
#################
Discovered: 24 sep 2005
vendor notify: 24 sep 2005
Vendor response:26 sep 2005
Solution: 28 sep 2005
Disclosure:24 sep 2005
Public disclosure: 28 sep 2005
###############
Examples:
###############
http://victim]/cc3/cart.php?act=reg&redir=L3NpdGUvZGVt
by9jYzMvaW5kZXgucGhwP3NlYXJjaFN0cj0lMjIlM0UlM0NzY3JpcH
QlM0VhbGVydCUyOCUyOSUzQyUyRnNjcmlwdCUzRSZhbXA7YWN0PXZpZ
XdDYXQmYW1wO1N1Ym1pdD1Hbw==[XSS-CODE]
http://[victim]/cc3/cart.php?act=reg&redir=[XSS-CODE]
http://[victim]cc3/index.php?searchStr=%3D%22%3E%3Cscript
%3Ealert%28document.cookie%29%3C%2Fscript%3E&act=viewCat
&Submit=Go
http://[victim]cc3/index.php?act=login&redir=L3NpdG
UvZGVtby9jYzMvaW5kZXgucGhwP2FjdD12aWV3RG9jJmFtcDtkb
2NJZD0x[XSS-CODE]
#############
SOLUTION
#############
The vendor has release a fix.
and the follow URI are available for download
the latest version of CubeCart.
http://www.cubecart.com/site/forums/index.php?download=222
Thnx to all CubeCart Tem , they make a very Good work !!!
################################################
MANUAL FIX
################################################
///////////////////////////////////////
// 1. Open: /includes/content/reg.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 123:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$redir = base64_decode($_GET['redir']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$redir = base64_decode(treatGet($_GET['redir']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 170:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$reg->assign("VAL_ACTION","cart.php?act=reg&
redir=".$_GET['redir']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$reg->assign("VAL_ACTION","cart.php?act=reg&
redir=".treatGet($_GET['redir']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 2. Open: /includes/content/login.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 55:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
header("Location: ".str_replace("&","&",
base64_decode($_GET['redir'])));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
header("Location: ".str_replace("&","&",
base64_decode(treatGet($_GET['redir']))));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 74:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$login->assign("VAL_SELF",$_GET['redir']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$login->assign("VAL_SELF",treatGet($_GET['redir']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 3. Open: /includes/boxes/searchForm.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 40:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$box_content->assign("SEARCHSTR",$_GET['searchStr']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$box_content->assign("SEARCHSTR",treatGet($_GET['searchStr']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 4. Open: /includes/content/viewCat.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 108:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$searchwords = split ( "[ ,]", $_GET['searchStr']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$searchwords = split ( "[ ,]", treatGet($_GET['searchStr']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 308:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$view_cat->assign("TXT_NO_PRODUCTS",$lang['front']['viewCat']['no_products_match']." ".$_GET['searchStr']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$view_cat->assign("TXT_NO_PRODUCTS",$lang['front']['viewCat']['no_products_match']." ".treatGet($_GET['searchStr']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 5. Open: /includes/functions.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At around line 25 find:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| functions.inc.php
| ========================================
| Core Frontend Functions
+----------------------------------------------
*/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Directly under this add:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//////////////////////////////////
// treat GET vars stop XSS
////////
function treatGet($text){
$text = preg_replace("/(\ Sunday, September 18, 2005
CubeCart™ 3.0.3 multiple variable Cross site scripting
Vendor url: www.cubecart.com
bug report:http://bugs.cubecart.com/?do=details&id=363
Advisore:http://lostmon.blogspot.com/2005/09/
cubecart-303-multiple-variable-cross.html
vendor confirmed: yes exploit avalable: yes
Fix available: yes
OSVDB ID:19860,>19861
Securitytracker:1014984
BID:14962
################################################
CubeCart contains a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate
some variables upon submission to cart.php and index.php scripts.
This could allow a user to create a specially crafted URL that
would execute arbitrary code in a user's browser within the trust
relationship between the browser and the server,leading to a
loss of integrity.
###############
VERSIONS
###############
CubeCart™ 3.0.3 vulnerable
CubeCart™ 3.0.4 not vulnerable
#################
Timeline
#################
Discovered: 24 sep 2005
vendor notify: 24 sep 2005
Vendor response:26 sep 2005
Solution: 28 sep 2005
Disclosure:24 sep 2005
Public disclosure: 28 sep 2005
###############
Examples:
###############
http://victim]/cc3/cart.php?act=reg&redir=L3NpdGUvZGVt
by9jYzMvaW5kZXgucGhwP3NlYXJjaFN0cj0lMjIlM0UlM0NzY3JpcH
QlM0VhbGVydCUyOCUyOSUzQyUyRnNjcmlwdCUzRSZhbXA7YWN0PXZpZ
XdDYXQmYW1wO1N1Ym1pdD1Hbw==[XSS-CODE]
http://[victim]/cc3/cart.php?act=reg&redir=[XSS-CODE]
http://[victim]cc3/index.php?searchStr=%3D%22%3E%3Cscript
%3Ealert%28document.cookie%29%3C%2Fscript%3E&act=viewCat
&Submit=Go
http://[victim]cc3/index.php?act=login&redir=L3NpdG
UvZGVtby9jYzMvaW5kZXgucGhwP2FjdD12aWV3RG9jJmFtcDtkb
2NJZD0x[XSS-CODE]
#############
SOLUTION
#############
The vendor has release a fix.
and the follow URI are available for download
the latest version of CubeCart.
http://www.cubecart.com/site/forums/index.php?download=222
Thnx to all CubeCart Tem , they make a very Good work !!!
################################################
MANUAL FIX
################################################
///////////////////////////////////////
// 1. Open: /includes/content/reg.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 123:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$redir = base64_decode($_GET['redir']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$redir = base64_decode(treatGet($_GET['redir']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 170:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$reg->assign("VAL_ACTION","cart.php?act=reg&
redir=".$_GET['redir']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$reg->assign("VAL_ACTION","cart.php?act=reg&
redir=".treatGet($_GET['redir']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 2. Open: /includes/content/login.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 55:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
header("Location: ".str_replace("&","&",
base64_decode($_GET['redir'])));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
header("Location: ".str_replace("&","&",
base64_decode(treatGet($_GET['redir']))));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 74:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$login->assign("VAL_SELF",$_GET['redir']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$login->assign("VAL_SELF",treatGet($_GET['redir']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 3. Open: /includes/boxes/searchForm.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 40:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$box_content->assign("SEARCHSTR",$_GET['searchStr']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$box_content->assign("SEARCHSTR",treatGet($_GET['searchStr']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 4. Open: /includes/content/viewCat.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 108:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$searchwords = split ( "[ ,]", $_GET['searchStr']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$searchwords = split ( "[ ,]", treatGet($_GET['searchStr']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Find at around line 308:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$view_cat->assign("TXT_NO_PRODUCTS",$lang['front']['viewCat']['no_products_match']." ".$_GET['searchStr']);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Replace with:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$view_cat->assign("TXT_NO_PRODUCTS",$lang['front']['viewCat']['no_products_match']." ".treatGet($_GET['searchStr']));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Save, close and upload this file.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
///////////////////////////////////////
// 5. Open: /includes/functions.inc.php
////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At around line 25 find:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| functions.inc.php
| ========================================
| Core Frontend Functions
+----------------------------------------------
*/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Directly under this add:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
//////////////////////////////////
// treat GET vars stop XSS
////////
function treatGet($text){
$text = preg_replace("/(\ Sunday, September 18, 2005
UPDATE 20 sep 2005 :
VERSION AFECTED: Spymac v4
#########################################################
Multiple variable XSS in Spymac Web Os v4.0
vendor url:http://www.spymac.com/
Advisory:http://lostmon.blogspot.com/2005/09/
multiple-variable-xss-in-spymac-web-os.html
Vendor notified : yes exploit avaible : yes
OSVDB ID:19613
Securitytracker:1014928
#########################################################
Spymac is powered by an integrated collection of applications
(developed in-house)that together form "Spymac WOS". Spymac
WOS is an intelligent environment featuring patent-pending
technology that allows for the creation of an immersive and
visually-stunning Web experience.
Spymac flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate some
variables upon submission to some scripts.This could allow a user
to create a specially crafted URL that would execute arbitrary
code in a user's browser within the trust relationship between the
browser and the server,leading to a loss of integrity.
############
version afected
############
Spymac web os v4
Spymac Web Os 3.0 beta 190
#########
Solution
#########
No solution was available at this time.
##########
timeline
##########
Discovered : 17 sep 2005
Vendor notify: 17 sep 2005
Vendor response:
Disclosure :17 sep 2005
Public disclosure:17 sep 2005
############
Examples
############
http://[victim]/forums/showthread.php?threadid=195681[XSS-CODE]
http://[victim]/forums/showthread.php?threadid=195805&postid=3579278[XSS-CODE]#post_3579278
http://[victim]/forums/showthread.php?threadid=195605&curr=0[XSS-CODE]
########################### €nd ############################
Thnx to estrella to be my ligth.
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
VERSION AFECTED: Spymac v4
#########################################################
Multiple variable XSS in Spymac Web Os v4.0
vendor url:http://www.spymac.com/
Advisory:http://lostmon.blogspot.com/2005/09/
multiple-variable-xss-in-spymac-web-os.html
Vendor notified : yes exploit avaible : yes
OSVDB ID:19613
Securitytracker:1014928
#########################################################
Spymac is powered by an integrated collection of applications
(developed in-house)that together form "Spymac WOS". Spymac
WOS is an intelligent environment featuring patent-pending
technology that allows for the creation of an immersive and
visually-stunning Web experience.
Spymac flaw that allows a remote cross site scripting attack.
This flaw exists because the application does not validate some
variables upon submission to some scripts.This could allow a user
to create a specially crafted URL that would execute arbitrary
code in a user's browser within the trust relationship between the
browser and the server,leading to a loss of integrity.
############
version afected
############
Spymac web os v4
Spymac Web Os 3.0 beta 190
#########
Solution
#########
No solution was available at this time.
##########
timeline
##########
Discovered : 17 sep 2005
Vendor notify: 17 sep 2005
Vendor response:
Disclosure :17 sep 2005
Public disclosure:17 sep 2005
############
Examples
############
http://[victim]/forums/showthread.php?threadid=195681[XSS-CODE]
http://[victim]/forums/showthread.php?threadid=195805&postid=3579278[XSS-CODE]#post_3579278
http://[victim]/forums/showthread.php?threadid=195605&curr=0[XSS-CODE]
########################### €nd ############################
Thnx to estrella to be my ligth.
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)
Categories
Archives
-
►
2022
(2)
- ► November 2022 (1)
- ► October 2022 (1)
-
►
2013
(2)
- ► December 2013 (1)
- ► August 2013 (1)
-
►
2012
(5)
- ► April 2012 (1)
-
►
2011
(5)
- ► October 2011 (1)
- ► March 2011 (1)
-
►
2010
(18)
- ► December 2010 (2)
- ► September 2010 (1)
- ► March 2010 (1)
- ► February 2010 (1)
- ► January 2010 (1)
-
►
2009
(25)
- ► November 2009 (1)
- ► April 2009 (1)
- ► March 2009 (1)
- ► February 2009 (1)
-
►
2008
(24)
- ► August 2008 (9)
- ► April 2008 (1)
- ► March 2008 (1)
-
►
2007
(29)
- ► October 2007 (1)
- ► March 2007 (1)
-
►
2006
(14)
- ► August 2006 (1)
- ► February 2006 (1)
-
►
2005
(54)
- ► December 2005 (1)
- ► April 2005 (14)
Browse
About:Me
My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com
La curiosidad es lo que hace
mover la mente...