Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11637
HistoryFeb 28, 2006 - 12:00 a.m.

EJ3 TOPo - Cross Site Scripting Vulnerability

2006-02-2800:00:00
vulners.com
12
JSON

  • Advisory: EJ3 TOPo Cross Site Scripting Vulnerability

  • Author: Yunus Emre Yilmaz || Yns [[email protected]]

  • Application: EJ3 TOPo ( http://ej3soft.ej3.net )

  • Affected Version : v2.2.178 ( maybe older versions…)

  • Risk : Critical

– Details : If an attacker access /code/inc_header.php directly , he can bypass $gTopNomBer
variable.(Register_globals must be “on”)

Problem is about not defining or filtering the variable.

– Proof Of Concept : access /code/inc_header.php like
inc_header.php?gTopNombre=“><script>alert(document.cookie)</script>

and print user’s cookie.So an attacker can escape admin’s cookie.

– Release Date: 2006/02/28
– Contacted to vendor : 2006/02/28

JSON