phpGreetCards XSS Vulnerabilities

2010-04-23T00:00:00
ID 1337DAY-ID-11947
Type zdt
Reporter Valentin Hobel
Modified 2010-04-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================
phpGreetCards XSS Vulnerabilities
=================================

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information 
Advisory/Exploit Title = phpGreetCards XSS Vulnerabilities
Author = Valentin Hoebel
Contact = [email protected]

 
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = phpGreetCards
Vendor = W2B
Vendor Website = http://www.w2bpm.com/
Affected Version(s) = 3.7


[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Multiple XSS possibilities on multiple parameters, e.g. when creating an ecard:

index.php?mode=select&category=XX&card[image]=XX&card[sender_name]=~XSS~&card[sender_email]=XX&card[recip_name]=~XSS~&card[recip_email]=XX&card[stamp]=XX&card[bg]=%23B8C2C9&card[font_color]=%23A2ABB1&card[category]=XX&PHPSESSID=XX


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 22.04.2010


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]




#  0day.today [2018-01-06]  #