AzDGDatingLite Cross-Site Scripting Vulnerabilities
BID:10084
Info
AzDGDatingLite Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 10084 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 07 2004 12:00AM |
| Updated: | Apr 07 2004 12:00AM |
| Credit: | Discovery is credited to Janek Vind <[email protected]>. |
| Vulnerable: |
Azerbaijan Development Group AzDGDatingLite 2.1.1 |
| Not Vulnerable: | |
Discussion
AzDGDatingLite Cross-Site Scripting Vulnerabilities
Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code.
Exploitation could facilitate theft of cookie-based authentication credentials or other attacks.
This issue was reported in AzDGDatingLite 2.1.1. It is not known if earlier versions or commercial releases which share the same code base are affected, such as AzDGDatingPlatinum or AzDGDatingGold.
Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code.
Exploitation could facilitate theft of cookie-based authentication credentials or other attacks.
This issue was reported in AzDGDatingLite 2.1.1. It is not known if earlier versions or commercial releases which share the same code base are affected, such as AzDGDatingPlatinum or AzDGDatingGold.
Exploit / POC
AzDGDatingLite Cross-Site Scripting Vulnerabilities
The following examples were provided:
http://www.example.com/azdlite/index.php?l=en"><script>alert(document.cookie);</script>
http://www.example.com/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script>
The following examples were provided:
http://www.example.com/azdlite/index.php?l=en"><script>alert(document.cookie);</script>
http://www.example.com/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script>
Solution / Fix
AzDGDatingLite Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
AzDGDatingLite Cross-Site Scripting Vulnerabilities
References:
References:
- AzDG Homepage (Azerbaijan Development Group)
- [waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite] (Janek Vind
)