DoceboLMS Xss Vuln.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: DoceboLMS Xss Vuln.
From: starext@xxxxxxx
Date: 29 Dec 2006 16:38:13 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# Bhhgroup.org & Trtekforum.com

# script name : MaviPortal (tr)

# Version : All

#script Download: 
http://www.docebo.org/doceboCms/index.php?mn=docs&op=download&pi=5_4&id=44

# script sites : http://www.docebo.org

# Risk : High

# Found By : St@rExT

#  Vulnerable file : arama.asp

#Xss Vuln:

http://www.target/[scriptoath]//modules/credits/credits.php?lang==[xssCode]


# Thanks : Dekolax , ShaFuck31 , ST@ReXT , Dekolax , Swat_Hack , Maverick , 
Candark , Torlaq , Woheras , Siruas,TurkAkrep

# E-mail: Starext[at]msn[dot]com

##Herkesin Kurban Bayram&#305; Mübarek olsun : ) ###

             ##################### -- Ne Mutlu Türküm Diyene !!! -- 
####################

Prev by Date: LDU <= 8.x (journal.php) SQL Injection Vulnerability
Next by Date: Re: XSS in script Mobilelib GOLD v2
Previous by thread: LDU <= 8.x (journal.php) SQL Injection Vulnerability
Next by thread: csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit
Index(es):
- Date
- Thread