Home page logo
/

bugtraq logo Bugtraq mailing list archives

episodex guestbook security bypass & html injection
From: farhad koosha <farhadkey () yahoo com>
Date: 20 May 2005 02:25:26 -0000



Vendor URL : http://www.episodex.de

HTML Injection :

"Name" & other fields in "default.asp" are not validated.
Script code will be executed in the user's browser session, when the entry is viewed.

Security Bypass :

It is possible to edit settings without authentication by accessing the scripts "admin.asp"

http://www.bahadorlover.com

3nitroToloen (!)


  By Date           By Thread  

Current thread:
  • episodex guestbook security bypass & html injection farhad koosha (May 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault