| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTin0UQpNwS4vBrn=tuR0aNOG2SDb5Ehso1Sx+y91@mail.gmail.com> Date: Sun, 24 Oct 2010 18:13:16 +0200 From: Yam Mesicka <yammesicka@...il.com> To: bugtraq <bugtraq@...urityfocus.com> Subject: Aardvark Topsite XSS vulnerability Hi, I found XSS on Aardvark Topsites PHP system. Dork: "Powered by Aardvark Topsites" "SQL Queries" XSS PoC: site_path/index.php?a=search&q=%22%20onmouseover%3dalert(String.fromCharCode(88,83,83))%20par%3d%22 Can use POST to effect the "email", "title", "u" and "url" parameters either on the same way. Tested versions: 5.2.0 & 5.2.1 (might work on other versions also). Haven't found a way to contact the admins/security department directly. If more details are needed, please contact me. Thank you, - Yam Mesicka - Israel - www.mesicka.com
Powered by blists - more mailing lists