LEPTON 1.1.3 – Cross-Site Scripting

• Exploit Database
• 17 阅读

• 作者： High-Tech Bridge SA
  日期： 2012-02-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/36787/

• source: https://www.securityfocus.com/bid/52026/info
  
  LEPTON is prone to multiple input-validation vulnerabilities, including:
  
  1. A cross-site scripting vulnerability
  2. An SQL-injection vulnerability
  3. A local file-include vulnerability
  4. Multiple HTML-injection vulnerabilities
  
  Exploiting these issues could allow an attacker to execute arbitrary script and PHP code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  
  LEPTON 1.1.3 is vulnerable; other versions may also be affected. 
  
  http://www.example.com/admins/login/forgot/index.php?message=%3Cscript%3Ealert%28document.cookie%29;%3C/scrip t%3E