
List:       full-disclosure
Subject:    [Full-disclosure] html in simpbook
From:       zeus olimpusklan <zeus.olimpusklan () gmail ! com>
Date:       2005-12-23 16:29:10
Message-ID: 558f59870512230829r78546e43o94041a07b5b15de7 () mail ! gmail ! com


###########################################################################
# Advisory #1 Title: HTML Injection Vulnerability in Simpbook (all versions)
#
#
# Author: 0o_zeus_o0
# Contact: zeus@diosdelared.com
# Website: olimpusklan.org
# Date: 23/12/2005
# Risk: High
# Vendor Url: http://www.codegrrl.com
# Affected Software: Simpbook
# Non Affected:
#
# We Are:olimpus klan team
#
#================================================================
#TECHNICAL INFO:
#
#In the guest book, HTML can be injected in the message area,
#for example with the following script
#
#Example:
#
#<h1>hi
#
#<script>alert('you hacked')</script>
#
#or an iframe
#
#
#
#
#================================================================
#
#VULNERABLE VERSIONS:  all
#
#================================================================
#Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.olimpusklan.org
#================================================================
#greetz: lady fire, fraude, adi, xoxo , pandora, mbyte
##############################################################################




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
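
Added example, not part of the original advisory and not Simpbook's code: a guest book entry rendered with and without output encoding, with a parser-based check that reports any tag the entry template did not emit. The template, the function names and the choice of Python are assumptions made for illustration; the sample messages reuse the payloads quoted in the advisory.

```python
import html
from html.parser import HTMLParser

# Constructed sample input; the first two messages are the payloads quoted in the advisory.
SAMPLE_MESSAGES = ["<h1>hi", "<script>alert('you hacked')</script>", "nice site :)"]

# Tags the (hypothetical) entry template emits on its own.
TEMPLATE_TAGS = ["div", "b", "p"]


def render_entry_unsafe(name, message):
    """Flawed pattern: visitor input is concatenated into the page as-is."""
    return '<div class="entry"><b>' + name + "</b><p>" + message + "</p></div>"


def render_entry_safe(name, message):
    """Encode on output so <, >, & and quotes are displayed as text."""
    return '<div class="entry"><b>{}</b><p>{}</p></div>'.format(
        html.escape(name, quote=True), html.escape(message, quote=True)
    )


class TagCollector(HTMLParser):
    """Records every start tag a parser sees in a rendered entry."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(rendered):
    """Return start tags in the rendered entry that the template did not emit."""
    collector = TagCollector()
    collector.feed(rendered)
    collector.close()
    found = list(collector.tags)
    for tag in TEMPLATE_TAGS:
        if tag in found:
            found.remove(tag)
    return found


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(repr(msg),
              "unsafe:", injected_tags(render_entry_unsafe("guest", msg)),
              "safe:", injected_tags(render_entry_safe("guest", msg)))
```

The same check can serve as a regression test: every stored field that reaches the page (name as well as message) should produce an empty list after encoding.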
