
PY-Livredor Cross Site Scripting & Script Injection Vulnerability
4th Mar 2003 [SBWID-6040]



	PY-Livredor v1.0


	Thanks  to  "Grégory"  Le  Bras  []  aka
	GaLiaRePt advisory :
	 Version Française :
	A Cross-Site Scripting vulnerability has been found in PY-Livredor
	which allows attackers to inject script code into the guestbook and have
	it run in clients' browsers as if it were provided by the website.
	This Cross-Site Scripting vulnerability is found in the page for
	posting messages (index.php).
	An attacker can input specially crafted  links  and/or  other  malicious
	A vulnerability was discovered in the page for posting messages, at
	this address :
	The vulnerability lies in how the "titre", "Votre pseudo",
	"Votre e-mail" and "Votre message" fields are interpreted.
	Indeed, inserting hostile script code into these fields allows a
	malicious user to run that script in the browsers of the visitors.
	The hostile code could be :
	(opens a window with the cookie of the visitor.)
	(replace [] by <>)


	None yet
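
The four fields named in the advisory, validated on submission and HTML-encoded on output, as an added example that is not PY-Livredor's code or part of the advisory. The function names, array keys, length limits and sample entry are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical helpers; not PY-Livredor source code.

/** Encode a stored value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Check a submitted entry; returns the names of rejected fields. */
function validate_entry(array $entry): array
{
    // Assumed length limits for the four form fields.
    $limits = ['titre' => 100, 'pseudo' => 50, 'email' => 254, 'message' => 2000];
    $errors = [];
    foreach ($limits as $field => $max) {
        $value = $entry[$field] ?? '';
        if (!is_string($value) || $value === '' || strlen($value) > $max) {
            $errors[] = $field;
        }
    }
    if (!in_array('email', $errors, true)
        && filter_var($entry['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    return $errors;
}

/** Render one stored entry, encoding every field at output time. */
function render_entry(array $entry): string
{
    return '<div class="entry"><h3>' . h($entry['titre']) . '</h3>'
        . '<p class="author">' . h($entry['pseudo'])
        . ' (' . h($entry['email']) . ')</p>'
        . '<p>' . nl2br(h($entry['message'])) . '</p></div>';
}

// Constructed sample entry carrying markup in all four fields.
$entry = [
    'titre'   => '<script>/* constructed */</script>',
    'pseudo'  => '"><img src=x>',
    'email'   => 'visitor@example.org"><b>',
    'message' => "first line\n<iframe></iframe>",
];

print_r(validate_entry($entry));  // lists the fields that fail validation
echo render_entry($entry), "\n";  // markup appears as inert text
```

Encoding at output time also covers entries that were stored before any input validation was in place.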
