|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] eNdonesia Cross Site Scripting Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Aug 27 2003 - 08:41:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
eNdonesia Cross Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA9622/
VERIFY ADVISORY:
http://www.secunia.com/advisories/9622/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
eNdonesia 8.x
DESCRIPTION:
A vulnerability has been identified in eNdonesia allowing malicious
people to conduct Cross Site Scripting attacks.
The problem is that the "mod" parameter isn't handled correctly. This
allows malicious people to inject arbitrary HTML and script code.
Example:
http://[some_site]/mod.php?mod=<evil_code>
If a "'" is supplied, eNdonesia will return an error message
revealing the installation path.
This affects version 8.2 and possibly earlier.
SOLUTION:
Edit the souce code so that input is properly validated.
REPORTED BY / CREDITS:
Bahaa Naamneh
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]