yapigXSS.txt

2006-08-28T00:00:00
ID PACKETSTORM:49472
Type packetstorm
Reporter Kuon
Modified 2006-08-28T00:00:00

Description

                                        
                                            `/*   
Kuon <Armorize Security Team>  
  
Kuon-[at]-Armorize.com  
  
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability  
  
Contact : Kuon-[at]-Armorize.com  
  
Link : www.Armorize.com  
*/  
  
Armorize Technologies Security Advisory  
  
Advisory No: 20061001  
Date: 2006/08/25  
  
Affected Software:   
yapig 0.95b  
  
Vulnerability Description:   
Cross-Site Scripting Vulnerability  
  
Detection/Exploit:  
http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]  
  
Disclosure Timeline:  
2006/08/17  
  
Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate vulnerabilities in their web application source. CodeSecure™, Armorize’s premier source code analysis tool is available for analysis of PHP, JSP and ASP. Find out more at www.armorize.com .  
`