[38931] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

episodex guestbook security bypass & html injection

daemon@ATHENA.MIT.EDU (farhad koosha)
Fri May 20 14:34:29 2005

Date: 20 May 2005 02:25:26 -0000
Message-ID: <20050520022526.26904.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: farhad koosha <farhadkey@yahoo.com>
To: bugtraq@securityfocus.com



Vendor URL : http://www.episodex.de

HTML Injection :

"Name" & other fields in "default.asp" are not validated.
Script code will be executed in the user's browser session, when the entry is viewed.

Security Bypass :

It is possible to edit settings without authentication by accessing the scripts "admin.asp"

http://www.bahadorlover.com

3nitroToloen (!)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38931] in bugtraq

episodex guestbook security bypass & html injection

daemon@ATHENA.MIT.EDU (farhad koosha)Fri May 20 14:34:29 2005

daemon@ATHENA.MIT.EDU (farhad koosha)
Fri May 20 14:34:29 2005