ASPKnowledgebase vulnerable to XSS injection.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ASPKnowledgebase vulnerable to XSS injection.
From: preben@xxxxxxxxxxx
Date: 9 Nov 2005 12:01:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

ASPKnowledgebase, by www.asp-programmers.com is vulnerable to XSS in some of 
it's input fields. If you compromise it's logon, to gain administrative 
privileges as my previous advisory describes - you can inject the admin 
form-fields with XSS.  
This will result in automatic execution of script when a user visits that page.

This is highly dangerous as you can script what ever you like. Often these 
types of attacks are used for cookie thefts and so on.

Please credit to: Preben Nyløkken

Prev by Date: [EEYEB-20050901] Windows Metafile SetPalette Entries Heap OVerflow Vulnerability (Graphics Rendering Engine Vulnerability)
Next by Date: [USN-151-4] rpm vulnerability
Previous by thread: [EEYEB-20050901] Windows Metafile SetPalette Entries Heap OVerflow Vulnerability (Graphics Rendering Engine Vulnerability)
Next by thread: [USN-151-4] rpm vulnerability
Index(es):
- Date
- Thread