Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

PHP-Nuke (ALL versions) Multiple XSS and HTML injection

Mambo 4.6.2 CMS - Session fixation Issue in backend Administration interface

WikiWebWeaver 1.1 beta  Upload Shell  Vulnerability

[Full-disclosure] *****SPAM***** New Wordpress 2.2.1 Vulnerabilities and the First Weblog XSS Worm

From:	r0t <krustevs_(at)_googlemail.com>
Date:	1 августа 2007 г.
Subject:	WebDirector XSS vuln.

WebDirector XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 1 August 2007
vendor:www.webdirector.ru
orginal advisory:
http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html
affected versions:2.2 and previous
###############################################

WebDirector contains a flaw that allows a remote Cross-Site Scripting
attacks.Input passed to the "deslocal" parameter in "webdirector/index.php"
isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################