- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22421
- Проверка EDB
-
- Пройдено
- Автор
- OVER_G
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2003-03-25
Код:
source: https://www.securityfocus.com/bid/7190/info
It has been reported that Web Chat Manager is prone to HTML injection attacks. This problem occurs due to insufficient sanitization of user-supplied input.
As a result of this insufficiency an attacker may embed HTML code via a HTML form field or URI parameter of the Web Chat Manager user registration page.
It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.
http://<target>/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20
("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt>- Источник
- www.exploit-db.com
