mailing list archives
Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
From: <deluxe () security-project org>
Date: 19 May 2005 11:57:11 -0000
In-Reply-To: <200505172151.j4HLpThM004829 () linus mitre org>
Cross Site Scripting:
You can abuse the SQL-Injections for XSS attacks.
Does this occur because the XSS-style attacks are being injected into
SQL queries, which then generate errors because the queries are
malformed, and then PHP blindly reflects the malformed query back to
the user without quoting XSS-relevant characters? That would seem to
be more of a problem with the application's runtime environment
(i.e. PHP) than JGS-Portal itself.
Try the following link:
JGS-Portal doesn't report an error and the year parameter is passed unfiltered. This is definitively the problem of
If a SQL-error occurs and the error message contains Cross Site Scripting code, than you're completely right.