Code:
# exploit title: xss in dirList 0.3.0
# date: 4.o3.2o11
# author: lemlajt
# software : dirList @ sourceforge.net
# version: 0.3.0
# tested on: linux
# cve :
# PoC :

Input passed via the "folder" parameter to dirLIST_0.3.0/index.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.

The vulnerability is confirmed in version 0.3.0. Other versions may also be affected.

Solution

Edit the source code to ensure that input is properly sanitised.

# regards,
# lemlajt
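One way to apply the suggested fix, shown as an added PHP example (not dirLIST's own code and not written by the advisory's author). The function names are hypothetical, and it assumes the "folder" value is echoed into both page text and a link back to index.php:

```php
<?php
// Added illustration; not taken from dirLIST. All function names are hypothetical.

/** Encode a value for HTML text nodes and for quoted attribute values. */
function h(string $value): string
{
    // ENT_QUOTES encodes both ' and " so the value cannot close an attribute;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build a link back to the listing for a folder.
 * Two contexts, two encodings: the value is URL-encoded for the query string,
 * then the whole href is HTML-encoded because it sits inside an attribute.
 */
function folder_link(string $folder): string
{
    $href = 'index.php?folder=' . rawurlencode($folder);
    return '<a href="' . h($href) . '">' . h($folder) . '</a>';
}

/** Render the heading that displays the current folder name. */
function folder_heading(string $folder): string
{
    return '<h1>Index of: ' . h($folder) . '</h1>';
}

// Constructed sample input containing markup characters; used when the
// script runs from the command line and no query string is present.
$sample = 'docs/<i>2011"reports';

$folder = $_GET['folder'] ?? $sample;
if (!is_string($folder)) {
    $folder = ''; // folder[]=... would arrive as an array; treat it as empty
}

// Pattern the advisory describes (left as a comment, not executed):
//   echo "Index of: " . $_GET['folder'];
echo folder_heading($folder), "\n";
echo folder_link($folder), "\n";
```

With the sample value, the heading contains `&lt;i&gt;2011&quot;reports` and the link's query string contains `%3Ci%3E2011%22reports`, so the browser displays the characters as text.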