Bugtraq: ASPKnowledgebase vulnerable to XSS injection.

From: <preben_at_watchcom.no>
Date: 9 Nov 2005 12:01:20 -0000

ASPKnowledgebase, by www.asp-programmers.com, is vulnerable to XSS in some of its input fields. If you compromise its logon to gain administrative privileges, as my previous advisory describes, you can inject the admin form fields with XSS.
This will result in automatic execution of script when a user visits that page.

This is highly dangerous as you can script whatever you like. Often these types of attacks are used for cookie thefts and so on.

Please credit to: Preben Nyløkken
Received on Nov 09 2005
