<<< Date Index >>>     <<< Thread Index >>>

episodex guestbook security bypass & html injection




Vendor URL : http://www.episodex.de

HTML Injection :

"Name" & other fields in "default.asp" are not validated.
Script code will be executed in the user's browser session, when the entry is 
viewed.

Security Bypass :

It is possible to edit settings without authentication by accessing the scripts 
"admin.asp"

http://www.bahadorlover.com

3nitroToloen (!)