Yogurt Social Network fans.php uid variable XSS
Page 1 of 1
Yogurt Social Network fans.php uid variable XSS
##########################################
Yogurt Social Network fans.php uid variable XSS
Vendor url:http://sourceforge.net/project/
showfiles.php?group_id=204109
Vendor notify:no exploits availables:yes
##########################################
Yogurt Social Network is a social network php/Mysql script
module for multiple CMS Systems like Xoops,e-xoops,bcoos and
impressCMS and probably in all CMS based in Xoops code.
Yogurt Social Network contains a flaw that allows a remote
cross site scripting attack.This flaw exists because
the application does not validate 'uid' variable upon
submission to Multiple scripts script in yogurt module.
This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within
the trust relationship between the browser and the server,
leading loss ofintegrity.
##########
versions
##########
Yogurt Social Network 3.2 rc1
it affects This type CMS Systems if we
have instaled this module:
Xoops
e-xoops
ImpressCMS
Bcoos
and other that uses xoops code and this module.
############
Solution
############
No solution at this time !!!
###########
Examples
###########
http://localhost/impresscms/htdocs/modules/yogurt/fans.php?
uid=1">[XSS-CODE]
############## €nd ###################
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» For sale: 1.5 million social network accounts
» Patch for Yogurt writemessage.php original Parameter SQL Injection
» DHCart Multiple variable XSS and stored XSS
» Wowd search client multiple variable xss
» bcoos /mysections/ratefile.php lid variable SQL injection
» Patch for Yogurt writemessage.php original Parameter SQL Injection
» DHCart Multiple variable XSS and stored XSS
» Wowd search client multiple variable xss
» bcoos /mysections/ratefile.php lid variable SQL injection
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|