The vulnerable code is located at /[pmb]/index.php (includes)
The issue results from insufficient sanitization of user-supplied data through "page" parameter. This could permit a remote attacker to create a malicious URI link that include hostile HTML and script code.
[~] Exploit
http://[site]/[pmb_path]/index.php?lvl=section_see&id=-1&location=1&page=[XSS]&nbr_lignes=1&dcote=&lcote=1&nc=&main=&ssub=&plettreaut=
Nota: Reported on 03/20/2013 - Fixed
The issue results from insufficient sanitization of user-supplied data through "page" parameter. This could permit a remote attacker to create a malicious URI link that include hostile HTML and script code.
[~] Exploit
http://[site]/[pmb_path]/index.php?lvl=section_see&id=-1&location=1&page=[XSS]&nbr_lignes=1&dcote=&lcote=1&nc=&main=&ssub=&plettreaut=
Nota: Reported on 03/20/2013 - Fixed
Aucun commentaire:
Enregistrer un commentaire