phpLDAPadmin 0.9.8 - copy_form.php Cross-Site Scripting

2006-04-21T00:00:00
ID EXPLOITPACK:7B004B67D747B55DAED60BF3EB6D3540
Type exploitpack
Reporter r0t
Modified 2006-04-21T00:00:00

Description

phpLDAPadmin 0.9.8 - copy_form.php Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/17643/info
 
PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
 
An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.

http://www.example.com/copy_form.php?server_id=0&dn=%22%3Cscript%3Ealert('r0t')%3C/script%3E