Bugtraq mailing list archives

vuln in snewscms Rus v 2.3
From: www.yo.by () gmail com
Date: 16 Mar 2008 17:05:54 -0000

New Advisory:
Snewscms Rus v2
http://www.medprostuda.ru

--------------------Summary----------------
Software: SnewsCMS Rus v. 2.3
Software's Web Site: http://www.snewscms.net.ru
Versions: 2.4
Critical Level: Moderate
Type: XSS
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://medprostuda.ru

-----------------Description---------------
1. XSS.

Vulnerable script: search.php

The 'query' parameter is not properly sanitized before being used in HTML tags:
http://target.com/search.php?query=";><h1>XSS</h1>

--------------PoC/Exploit----------------------
Waiting for developer(s) reply.

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: http://www.medprostuda.ru
http://www.eserg.ru
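
The defect class described above, as an added example that is not part of the original advisory and is not SnewsCMS code: a hypothetical search-form renderer that writes the value into an HTML attribute unencoded, beside the same renderer with output encoding. The function names and the form markup are assumptions; only the `query` parameter name and the test string come from the advisory.

```php
<?php
// Added example, not SnewsCMS source. Function names and markup are hypothetical.

// Read the parameter defensively: PHP turns "query[]=x" into an array,
// so anything that is not a string is treated as an empty search.
function read_query(array $params): string
{
    $value = $params['query'] ?? '';
    return is_string($value) ? $value : '';
}

// Vulnerable pattern: the raw value is concatenated into an attribute.
// A double quote in the input closes value="..." and the rest is parsed as markup.
function render_search_form_unsafe(string $query): string
{
    return '<input type="text" name="query" value="' . $query . '">';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot leave the attribute.
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_search_form_safe(string $query): string
{
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="query" value="' . $encoded . '">';
}

// Constructed request parameters: the test string quoted in the advisory,
// and an array-valued parameter as a second input kind.
$requests = [
    ['query' => '";><h1>XSS</h1>'],
    ['query' => ['unexpected', 'array']],
];

foreach ($requests as $params) {
    $query = read_query($params);
    echo "unsafe: ", render_search_form_unsafe($query), "\n";
    echo "safe:   ", render_search_form_safe($query), "\n";
}
```

The encoding belongs at the point of output, chosen for the context the value lands in; the same value written into a script block or a URL needs a different encoder.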

