NPDS REvolution 10.02 – ‘topic’ Cross-Site Scripting

Exploit Database
114 阅读

作者： High-Tech Bridge SA

日期： 2010-05-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33985/

source: https://www.securityfocus.com/bid/40157/info

NPDS Revolution is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

NPDS Revolution 10.02 is vulnerable; other versions may also be affected.

http://www.example.com/viewtopic.php?topic=3"><script>alert(document.cookie)</script>&forum=1

last Exploits
NPDS REvolution 10.02 – ‘topic’ Cross-Site Scripting的更多信息

Advanced Webhost Billing System (AWBS) 2.9.6 – Multiple Vulnerabilities：
Joomla! Component com_niceajaxpoll 1.3.0 – SQL Injection：
Edimax EW-7438RPn – Cross-Site Request Forgery (MAC Filtering)：
ASTPP VoIP Billing (4cf207a) – Multiple Vulnerabilities：
Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated) via Add Artwork：
PHPDirector 0.30 – ‘videos.php’ SQL Injection：
ChemInv 1.0 – Authenticated Persistent Cross-Site Scripting：
FLIR AX8 Thermal Camera 1.32.16 – Arbitrary File Disclosure：