Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20303
HistoryAug 07, 2008 - 12:00 a.m.

Pluck 4.5.2 Multiple Cross Site Scripting Vulnerabilities

2008-08-0700:00:00
vulners.com
31
JSON

Script : Pluck 4.5.2

Type : Multiple Cross Site Scripting Vulnerabilities

Alert : Medium

Download From : http://www.pluck-cms.org/downloads/pluck-4_5_2.tar.gz

Discovered by : Khashayar Fereidani Or Dr.Crash

My Website : HTTP://FEREIDANI.IR

Our Team Website : HTTP://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

Cross Site Scripting Vulnerabilities :

All vulnerabilities work when register_globals set as on ,

XSS Vulnerability 1 : /data/inc/footer.php => http://Example.com/data/inc/footer.php?lang_footer=[Cross Site
Scripting]

XSS Vulnerability 2 : /data/inc/header.php => http://Example.com/data/inc/header.php?pluck_version=[Cross Site
Scripting]

XSS Vulnerability 3 : /data/inc/header.php => http://Example.com/data/inc/header.php?lang_install22=[Cross Site
Scripting]

XSS Vulnerability 4 : /data/inc/header.php => http://Example.com/data/inc/header.php?titelkop=[Cross Site Scripting]

XSS Vulnerability 5 : /data/inc/header.php => http://Example.com/data/inc/header.php?lang_kop1=[Cross Site Scripting]

XSS Vulnerability 6 : /data/inc/header.php => http://Example.com/data/inc/header.php?lang_kop2=[Cross Site Scripting]

XSS Vulnerability 7 : /data/inc/header.php => http://Example.com/data/inc/header.php?lang_modules=[Cross Site
Scripting]

XSS Vulnerability 8 : /data/inc/header.php => http://Example.com/data/inc/header.php?lang_kop4=[Cross Site Scripting]

XSS Vulnerability 9 : /data/inc/header.php => http://Example.com/pluck/data/inc/header.php?lang_kop15=[Cross Site
Scripting]

XSS Vulnerability 10 : /data/inc/header.php => http://Example.com/data/inc/header.php?lang_kop5=[Cross Site Scripting]

XSS Vulnerability 11 : /data/inc/header.php => http://Example.com/data/inc/header.php?titelkop=[Cross Site Scripting]

XSS Vulnerability 12 : /data/inc/header2.php => http://Example.com/data/inc/header2.php?pluck_version=[Cross Site
Scripting]

XSS Vulnerability 13 : /data/inc/header2.php => http://Example.com/data/inc/header2.php?titelkop=[Cross Site
Scripting]

XSS Vulnerability 14 : /data/inc/header2.php => http://Example.com/data/inc/header2.php?titelkop=[Cross Site
Scripting]

XSS Vulnerability 15 : /data/inc/themeinstall.php => http://Example.com/data/inc/themeinstall.php?lang_theme6=[Cross
Site Scripting]

Solution : Filter all insecure variable with htmlspecialchars() function …

                    Tnx : God

     HTTP://IRCRASH.COM & HTTP://FEREIDANI.IR
JSON