|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability
roozbeh_afrasiabi
yahoo.com
Date: Wed Mar 01 2006 - 17:56:45 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ADDITIONS AND CORRECTIONS]
Detail and PoC :
--------------------
The application does not validate the "lid" variable upon submission to ratelink.php(*) and ratefile.php.
h**p://[target]/public/modules/mylinks/ratelink.php?lid={number}">[code]
h**p://[target]/public/modules/downloads/ratefile.php?lid={number}">[code]
--------------------
(*)ratelink.php was later found to be vulnerable too.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]