mailing list archives
episodex guestbook security bypass & html injection
From: farhad koosha <farhadkey () yahoo com>
Date: 20 May 2005 02:25:26 -0000
Vendor URL : http://www.episodex.de
HTML Injection :
"Name" & other fields in "default.asp" are not validated.
Script code will be executed in the user's browser session, when the entry is viewed.
Security Bypass :
It is possible to edit settings without authentication by accessing the scripts "admin.asp"
- episodex guestbook security bypass & html injection farhad koosha (May 20)