[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
From:       Federico Fazzi <federico () autistici ! org>
Date:       2006-06-15 18:36:55
Message-ID: 4491A8C7.8000500 () autistici ! org
[Download RAW message or body]

-----------------------------------------------------
Advisory id: FSA:017

Author:    Federico Fazzi
Date:	   15/06/2006, 20:31
Sinthesis: HotPlugCMS 1.0, Cross-Site Scripting Vulnerabilities
Type:	   low
Product:   http://hotplugcms.com/
Patch:	   unavailable
-----------------------------------------------------


1) Description:


Error occured in login1.php:



2) Proof of concept:

http://example/[hpc_path]/administration/tblcontent/login1.php?msg=[xss]

3) Solution:

echo "messages";

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic