
5 matches found

Github Security Blog
added 2025/05/07 3:27 p.m. | 19 views

Graylog Allows Session Takeover via Insufficient HTML Sanitization

Impact: It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...

8 CVSS | 7.6 AI score | 0.0014 EPSS
Exploits 0 | References 3 | Affected Software 1
0day.today
added 2020/01/16 12:0 a.m. | 119 views

Online Book Store 1.0 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications. Exploit Title: Online Book Store 1.0 - Arbitrary File Upload; Exploit Author: Or4nG.M4n aka S4udiExploit; Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/; Software Link:...

7.1 AI score
Exploits 0
Prion
added 2019/08/28 5:15 p.m. | 13 views

Cross site scripting

The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below, which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form...

4.3 CVSS | 6.5 AI score | 0.00233 EPSS
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2002/02/07 12:0 a.m. | 25 views

Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)

Advisory Title: Web Browsers vulnerable to the Extended HTML Form Attack; Release Date: 06/02/2002; Effects: Internet Explorer 6 and older versions, Opera 6.0 and older versions; Severity: Allows stealing of cookies, penetration of internal networks and other evil stuff. Author: Obscure^...

6.7 AI score
Exploits 0
securityvulns
added 2002/02/07 12:0 a.m. | 41 views

Attack via HTML forms (HTML form attack)

It is possible to make the browser submit the result of a form request to another server over a protocol other than HTTP, for example POP3 protocol commands to port 110. The form data may contain scripts and be used for cross-site scripting...

7.2 AI score
Exploits 0 | References 1