List: full-disclosure
Subject: [Full-disclosure] html in simpbook
From: zeus olimpusklan <zeus.olimpusklan () gmail ! com>
Date: 2005-12-23 16:29:10
Message-ID: 558f59870512230829r78546e43o94041a07b5b15de7 () mail ! gmail ! com
###########################################################################
# Advisory #1 Title: HTML Injection Vulnerability in Simpbook (all versions)
#
#
# Author: 0o_zeus_o0
# Contact: zeus@diosdelared.com
# Website: olimpusklan.org
# Date: 23/12/2005
# Risk: High
# Vendor Url: http://www.codegrrl.com
# Affected Software: Simpbook
# Non Affected:
#
# We Are:olimpus klan team
#
#================================================================
#TECHNICAL INFO:
#
#In the guest book, HTML can be injected in the message area
#with the following script
#
#Example:
#
#<h1>hi
#
#<script>alert('you hacked')</script>
#
#or some iframe
#
#
#
#
#================================================================
#
#VULNERABLE VERSIONS: all
#
#================================================================
#Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.olimpusklan.org
#================================================================
#greetz: lady fire, fraude, adi, xoxo , pandora, mbyte
##############################################################################
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
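
An added example, not part of the advisory and not Simpbook's own code: a Python sketch that renders guest book entries the way the advisory describes (message placed in the page verbatim) next to a version that encodes visitor input at output time, then checks both with an HTML parser. The entry layout, template and function names are assumptions; the two sample payloads are the ones quoted in the advisory.

```python
import html
from html.parser import HTMLParser

# Constructed guest book entries; the last two messages are the advisory's examples.
SAMPLE_ENTRIES = [
    {"name": "alice", "message": "Nice site!"},
    {"name": "bob", "message": "<h1>hi"},
    {"name": "mallory", "message": "<script>alert('you hacked')</script>"},
]

# Tags the (assumed) page template emits itself. Anything else came from input.
TEMPLATE_TAGS = {"div", "b", "p"}


def render_unsafe(entry):
    """Behaviour described in the advisory: the message reaches the page verbatim."""
    return "<div><b>%s</b><p>%s</p></div>" % (entry["name"], entry["message"])


def render_safe(entry):
    """Encode every visitor-supplied field when it is written into HTML."""
    name = html.escape(entry["name"], quote=True)
    message = html.escape(entry["message"], quote=True)
    return "<div><b>%s</b><p>%s</p></div>" % (name, message)


class TagCollector(HTMLParser):
    """Records every start tag a browser-like parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(page):
    """Return tags present in the rendered page that the template did not emit."""
    parser = TagCollector()
    parser.feed(page)
    parser.close()
    return sorted(set(parser.tags) - TEMPLATE_TAGS)


def audit(render):
    """Render all sample entries with `render` and report unexpected tags."""
    return injected_tags("".join(render(e) for e in SAMPLE_ENTRIES))
```

The tag audit only flags tags outside the template's own set, so it works as a regression check for the renderer and not as an input filter.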