Bugtraq: XSS vulnerabilities in register.asp in Alan Ward Acart

From: <parag0d_at_phreaker.net>
Date: 4 Dec 2003 06:11:17 -0000

Vulnerability: XSS vulnerabilities in register.asp

Description: The registration form in register.asp does not properly sanitize user input. This means a malicious user can place script into the form fields when they register. The script is stored in the database intact and is called and executed when the data is to be displayed.

Exploit: The exploit was proven with a test script placed into several of the form’s fields.
        <script>alert("test")</script>

Solution: The developer needs to properly sanitize user input in the register.asp form.

Credit: CyberArmy Application and Code Auditing Team
        Parag0d

The developer was contacted regarding this matter, but never gave a reply.
Received on Dec 04 2003
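
The stored-XSS flow the advisory describes, beside output encoding as one way to address it, as an added example that is not part of the original post and is not Acart's code. It is written in Python rather than ASP, and the table, field name and function names are assumptions; in classic ASP the corresponding call at output time is `Server.HTMLEncode`.

```python
import html
import sqlite3

# Constructed sample registrations. The first is the advisory's own test string,
# the second is legitimate data containing a character that must survive.
SAMPLES = ['<script>alert("test")</script>', "Ward & Sons"]

def make_db():
    # Hypothetical one-table schema standing in for the shop's customer table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT)")
    return db

def register(db, name):
    # Parameterised insert: the value reaches the database intact, as described.
    db.execute("INSERT INTO customers (name) VALUES (?)", (name,))

def render_unsafe(db):
    # Before: stored text is concatenated into markup, in element content and
    # in a quoted attribute, so markup inside the data becomes part of the page.
    rows = db.execute("SELECT name FROM customers ORDER BY rowid")
    return "\n".join(f'<td>{n}</td><input value="{n}">' for (n,) in rows)

def render_encoded(db):
    # After: encode at output time. quote=True also encodes " and ', which is
    # what keeps the value inside the quoted attribute.
    rows = db.execute("SELECT name FROM customers ORDER BY rowid")
    return "\n".join(
        f'<td>{html.escape(n, quote=True)}</td>'
        f'<input value="{html.escape(n, quote=True)}">'
        for (n,) in rows
    )

def demo():
    db = make_db()
    for name in SAMPLES:
        register(db, name)
    return render_unsafe(db), render_encoded(db)

if __name__ == "__main__":
    unsafe, encoded = demo()
    print("unescaped output:\n" + unsafe)
    print("encoded output:\n" + encoded)
```

Encoding at the point of display keeps legitimate values such as `Ward & Sons` readable while rendering stored markup as inert text.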