lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 24 May 2006 23:53:56 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: PHPSimple Choose v0.3 PHPSimple Choose v0.3 Homepage: http://phpsimplechoose.sourceforge.net Description: Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and have one randomly choosen. Every bit of text is changeable, and we are working on allowing you to choose how many text boxes there are. We have also intergrated many <span> elements to allow CSS customization. Effected files: Input forms on PHPSimpleChoose The input forms don't sanatize user input before dynamically generating it. This could cause users to insert malicious data. Proof of concept: Try entering [IMG SRC=javascript:alert('XSS')] in the input boxes.