- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22166
- Проверка EDB
-
- Пройдено
- Автор
- SNOOQ
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2003-1347
- Дата публикации
- 2003-01-14
Код:
source: https://www.securityfocus.com/bid/6604/info
Geeklog is prone to HTML injection attacks.
The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into this field. When the malicious user's account information is displayed to other web users, the attacker-supplied code will be interpreted in their web client in the security context of the site hosting the vulnerable software.
http://url" onmouseover="alert(document.cookie)- Источник
- www.exploit-db.com
