Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: bt415.txt

LedNews XSS Vulnerability (CGI/Perl) v0.7

XSS Vulnerability in LedNews (CGI/Perl) v0.7



LedNews is a CGI application written entirely in perl. Its designed to be as 
simple as possible, but very powerful at the same thing.


The script does not attempt to filter out javascript or any other HTML tags. 
So the posting message :


as news will send cookies to your CGI script.

It may also be possible to put SSI tags in news posts, since the script does 
not seem to do the usual filtering for them. I did not test this because i'm 
to lazy to install SSI on my system.

About me

I'm gilbert from Team UEC. I'm 16 years old.
I dream about a job in security someday.
This is my first time posting a vulnerability.
I can always be contacted at

Thank you for reading this and have a nice day,


STOP MORE SPAM with the new MSN 8 and get 2 months FREE*

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH