[41118] in bugtraq


ASPKnowledgebase vulnerable to XSS injection.

daemon@ATHENA.MIT.EDU (preben@watchcom.no)
Wed Nov 9 15:47:18 2005

Date: 9 Nov 2005 12:01:20 -0000
Message-ID: <20051109120120.17072.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: preben@watchcom.no
To: bugtraq@securityfocus.com

ASPKnowledgebase, by www.asp-programmers.com, is vulnerable to XSS in some of its input fields. If you compromise its logon to gain administrative privileges, as my previous advisory describes, you can inject the admin form-fields with XSS.
This will result in automatic execution of script when a user visits that page.

This is highly dangerous as you can script whatever you like. Often these types of attacks are used for cookie theft and so on.

Please credit to: Preben Nyløkken
