Wheatblog [multiple xss (post) & full path disclosure]

2006-11-10T00:00:00
ID SECURITYVULNS:DOC:14999
Type securityvulns
Reporter Securityvulns
Modified 2006-11-10T00:00:00

Description

vendor site: http://wheatblog.sourceforge.net/
product: Wheatblog
bug: multiple xss (post) & full path disclosure
risk: medium

xss post: /add_comment.php
vulnerable fields:
- Name
- WWW
- Comment

impact: an attacker can steal the cookie of every person who views the comments.

full path disclosure : /index.php?postPtr[]=1&next=1

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com
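A mitigation sketch for both issues, added here as an example; it is not Wheatblog's code or part of the original advisory. All function names are hypothetical, and it assumes the path disclosure comes from PHP error output triggered when `postPtr` arrives as an array.

```php
<?php
// Added example: hypothetical helpers, not Wheatblog's own code.
ini_set('display_errors', '0');   // never print PHP errors (and paths) to visitors
ini_set('log_errors', '1');       // keep them in the server log instead

// Return a request field only if it is a plain string (arrays become '').
function field(array $src, string $key): string {
    $v = $src[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Encode untrusted text for HTML body and quoted-attribute contexts.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// WWW field: allow only absolute http(s) URLs, drop everything else.
function clean_www(string $url): ?string {
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Render one stored comment with every field encoded at output time.
function render_comment(array $c): string {
    $name = h(field($c, 'name'));
    $www  = clean_www(field($c, 'www'));
    $body = nl2br(h(field($c, 'comment')));
    $who  = $www === null ? $name
          : '<a rel="nofollow" href="' . h($www) . '">' . $name . '</a>';
    return "<div class=\"comment\"><p>$who</p><p>$body</p></div>\n";
}

// Integer query parameter; postPtr[]=1 (an array) yields null, not a warning.
function int_param(array $q, string $key): ?int {
    $v = $q[$key] ?? null;
    return (is_string($v) && ctype_digit($v) && strlen($v) <= 9) ? (int) $v : null;
}

// Constructed sample input, not taken from the advisory.
echo render_comment([
    'name'    => '<script>alert(1)</script>',
    'www'     => 'javascript:alert(1)',
    'comment' => "line one\n<img src=x onerror=alert(1)>",
]);
var_dump(int_param(['postPtr' => ['1']], 'postPtr'));  // array-valued input
var_dump(int_param(['postPtr' => '1'], 'postPtr'));    // scalar input
```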