[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Airkiosk/formlib application is XSS vuln
From: skienlab () gmail ! com
Date: 2007-10-30 0:40:48
Message-ID: 20071030004048.16820.qmail () securityfocus ! com
[Download RAW message or body]
In the last week I've found a XSS vuln into the Sutra's Airkiosk
application for the realtime distribution of flights/booking and
check-in interface (www.airkiosk.com).
The XSS is possible because they are using a VULN/OLD formlib.pl in
their application that permits to execute any JavaScript you like:
&HtmlError("formlib.parse", "bjelli", "Error parsing $_, aborting.\n");
if you get the error 'f you need help, call bjelli.'.
I suppose it can be related to this flying companies (I've only tryed it
on Blu-express, and Jet2.com):
Aero, Jet2.com, Air southwest, manx2, airsea, republicaairways,
blu-express, highland airways, blueisland, tobagoexpress, evolavia,
zambian, menajet.com, snowflake, airwales and other that is can be easy
found by searching on google.
The maintainer (and the flying company blu-express) has been contacted
twice via mail in the last two weeks but choose not to respond at all.
Regards
Skien
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic