YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

2006-08-28T00:00:00
ID SECURITYVULNS:DOC:14051
Type securityvulns
Reporter Securityvulns
Modified 2006-08-28T00:00:00

Description

/*
Kuon <Armorize Security Team>

Kuon-[at]-Armorize.com

YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

Contact : Kuon-[at]-Armorize.com

Link : www.Armorize.com

*/

Armorize Technologies Security Advisory

Advisory No: 20061001 Date: 2006/08/25

Affected Software: yapig 0.95b

Vulnerability Description: Cross-Site Scripting Vulnerability

Detection/Exploit: http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]

Disclosure Timeline: 2006/08/17

Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate vulnerabilities in their web application source. CodeSecure™, Armorize’s premier source code analysis tool is available for analysis of PHP, JSP and ASP. Find out more at www.armorize.com .