
TinyMuw v1.0 - XSS






TinyMuw v1.0

Homepage:
http://www.l0j1k.com/tinyMuw/index.php

Affected files:
quickchat.php input box
videoPage.php

Input isn't sanitized before being rendered in the quickchat.php chatbox. For PoC try putting:
 in as your comment.

Full path disclosure error via URL Injection:

http://www.example.com/tinyMuw/videoPage.php?id=28'

Fatal error: Using $this when not in object context in /home/user/public_html/tinyMuw/tinyMuw/video.php on line 18 
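
The fixes for both issues above, as an added example that is not TinyMuw's own code: HTML-encode the chat comment at output time, accept the id parameter only as a positive integer, and keep PHP errors out of the response so a fatal error cannot print the server path. The function names, the markup and the sample inputs are hypothetical; TinyMuw's source is not shown on this page.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not code from TinyMuw.

// Log PHP errors instead of printing them, so a fatal error does not
// reveal filesystem paths to the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Encode a chat comment for an HTML text context before echoing it. */
function render_chat_comment(string $comment): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    $safe = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li class="chat-comment">' . $safe . '</li>';
}

/** Return the video id as a positive integer, or null if it is not one. */
function parse_video_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // parameter missing, or sent as an array (id[]=1)
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample comment containing markup and quotes.
echo render_chat_comment('<b>hello</b> & "goodbye"'), "\n";

// Constructed id values, including the quoted form from the URL above.
foreach (['28', "28'", '', '-3'] as $raw) {
    $id = parse_video_id($raw);
    echo var_export($raw, true), ' => ',
        $id === null ? 'rejected (answer with 404)' : "id $id", "\n";
}
```

Encoding belongs at the point of output, so comments already stored in unencoded form are also rendered safely.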
