Dersimiz Haber Ekleme Modulu yorumkaydet.asp Script Insertion

Thursday, 9 August 2007

GeFORC3 has reported some vulnerabilities in Dersimiz Haber Ekleme Modulu, which can be exploited by malicious people to conduct script insertion attacks.

Input passed to the "yazan", "mail", and "yorum" parameters in yorumkaydet.asp is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

Edit the source code to ensure that input is properly sanitised.
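As an added illustration of that fix (example code, not the module's own): a classic ASP fragment that encodes the three parameters named above before they are stored, so a stored comment can never be parsed as markup when it is shown to other visitors. The SaveComment routine is a hypothetical placeholder for the module's storage code, which is not on this page.

```asp
<%
' Added example, not code from Dersimiz Haber Ekleme Modulu.
' Assumes the form fields "yazan", "mail" and "yorum" from the advisory.
Option Explicit

' Return a form field trimmed, length-limited and HTML-encoded.
Function CleanField(name, maxLen)
    Dim v
    v = Trim(Request.Form(name))
    If Len(v) > maxLen Then v = Left(v, maxLen)
    ' Server.HTMLEncode turns < > & and " into entities, so the value
    ' is rendered as literal text instead of executing as script.
    CleanField = Server.HTMLEncode(v)
End Function

Dim yazan, mail, yorum
yazan = CleanField("yazan", 50)
mail  = CleanField("mail", 100)
yorum = CleanField("yorum", 2000)

' Reject an obviously malformed address (coarse check only).
If InStr(mail, "@") = 0 Then
    Response.Write "Invalid e-mail address."
    Response.End
End If

' Hypothetical placeholder for the module's own storage routine.
Call SaveComment(yazan, mail, yorum)
%>
```

Because the values are encoded once at storage time, the display page must write them out unchanged; encoding them again there would show visible entities such as `&amp;lt;` instead of the original text.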

Provided and/or discovered by:
GeFORC3 ( G3 )
