Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Cross-site Scripting and CSRF in TorrentTrader Classic v1.08
From: "Valery Marchuk" <tecklord () securitylab ru>
Date: Mon, 3 Mar 2008 22:09:06 +0200
Cross-site Scripting and CSRF in TorrentTrader Classic v1.08

Application: TorrentTrader Classic v1.08, possible other versions.
Vendor URL: http://sourceforge.net/project/showfiles.php?group_id=98584&package_id=1809271. 

1. Input passed to the msg property of account-inbox.php is not properly
sanitized before being displayed to the user. A malicious authenticated user
can execute arbitrary HTML and scripting code in a user's browser session in
context of an affected web site.
Example:
http://[host]/account-inbox.php?msg=<script>alert(document.co­okie)</script>&receiver=<username>

2. The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the request.  A malicious
person can perform a CSRF attack.
Example:
http://[host]/account-inbox.php?msg=<message>&receiver=<username>

Vulnerability #1 was discovered by Dominus.
Original URL: http://www.securitylab.ru/vulnerability/347887.php

BR,
Valery Marchuk
www.SecurityLab.ru

  By Date           By Thread  

Current thread:
  • Cross-site Scripting and CSRF in TorrentTrader Classic v1.08 Valery Marchuk (Mar 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]