NI3
11-04-2003, 01:14 PM
Cross-Site-Scripting Vulnerability in PHPKIT
Date: 2003-11-03
Security-Corporation ID : SC-0726
Author : Benjamin Klimmek <[Only registered and activated users can see links]>
Product : PHP-Kit
Source Message Contents :
[Only registered and activated users can see links]
ben moeckel security research
-------------------------------------------------
badWebMasters security advisory #017
Cross Site Scripting @ PHP-Kit
Discovery date: 2003-09
Original advisory:
[Only registered and activated users can see links] (text/html)
Legal Notice:
Copyright 2003 by Benjamin Klimmek (ben moeckel - badWebMasters)!
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts of it
without giving credits and the URL where the original advisory can be
found!
This document may change without notice.
Author:
ben moeckel ([Only registered and activated users can see links])
mailto: [Only registered and activated users can see links]
Description:
PHPKIT is a Nuke-a-like portal written in PHP.
The contact-formular is prone to several cross site scripting
vulnerabilities.
Exploit:
[Only registered and activated users can see links]
?path=contact.php&contact_email="><script>alert(123);</script>
Vendor:
I posted a notice on the board ([Only registered and activated users can see links]) a while ago.
Feedback:
Comments, suggestions, updates, anything else?
-> mailto:[Only registered and activated users can see links]
__________________________________________
badWebMasters - ben moeckel security research
[Only registered and activated users can see links] [Only registered and activated users can see links]
copyright 2k1-3 by Benjamin Klimmek / Germany
mailto:[Only registered and activated users can see links]
Date: 2003-11-03
Security-Corporation ID : SC-0726
Author : Benjamin Klimmek <[Only registered and activated users can see links]>
Product : PHP-Kit
Source Message Contents :
[Only registered and activated users can see links]
ben moeckel security research
-------------------------------------------------
badWebMasters security advisory #017
Cross Site Scripting @ PHP-Kit
Discovery date: 2003-09
Original advisory:
[Only registered and activated users can see links] (text/html)
Legal Notice:
Copyright 2003 by Benjamin Klimmek (ben moeckel - badWebMasters)!
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts of it
without giving credits and the URL where the original advisory can be
found!
This document may change without notice.
Author:
ben moeckel ([Only registered and activated users can see links])
mailto: [Only registered and activated users can see links]
Description:
PHPKIT is a Nuke-a-like portal written in PHP.
The contact-formular is prone to several cross site scripting
vulnerabilities.
Exploit:
[Only registered and activated users can see links]
?path=contact.php&contact_email="><script>alert(123);</script>
Vendor:
I posted a notice on the board ([Only registered and activated users can see links]) a while ago.
Feedback:
Comments, suggestions, updates, anything else?
-> mailto:[Only registered and activated users can see links]
__________________________________________
badWebMasters - ben moeckel security research
[Only registered and activated users can see links] [Only registered and activated users can see links]
copyright 2k1-3 by Benjamin Klimmek / Germany
mailto:[Only registered and activated users can see links]