citypostXSS.txt

2005-05-30T00:00:00
ID PACKETSTORM:37744
Type packetstorm
Reporter snkenjoi
Modified 2005-05-30T00:00:00

Description

                                        
                                            `sNKenjoi's Security Advisory: XSS Vunerabilities in Multiple CityPost Software  
  
  
Security Advisory: XSS Vunerabilities in Multiple CityPost Software  
Severity: Medium  
Title: XSS Vunerabilities in Simple PHP Upload, Simple Image Editor  
and Automated Link Exchange  
  
  
Vendor: Allen Kim  
Vendor Website: http://tech.citypost.ca/  
  
Proof of Concept Exploits:   
  
Simple PHP Upload - XSS  
http://localhost/simple-upload-53.php?message=[XSS]  
  
Simple Image Editor - XSS's in 5 seperate places  
http://localhost/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS]  
  
Automated Link Exchange - XSS  
http://localhost/lnkx/message.php?msg=[XSS]  
  
snkenjoi.com & zone-h.org  
snkenjoi@gmail.com  
--   
snkenjoi.com  
`