Golden Book Index.PHP Cross-Site Scripting Vulnerabilities
BID:21846
Info
Golden Book Index.PHP Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 21846 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2007 12:00AM |
| Updated: | Jan 04 2007 08:36PM |
| Credit: | sn0oPy is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
triviere.free.fr golden book 0 |
| Not Vulnerable: | |
Discussion
Golden Book Index.PHP Cross-Site Scripting Vulnerabilities
The 'golden book' application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The 'golden book' application is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
Golden Book Index.PHP Cross-Site Scripting Vulnerabilities
An attacker can exploit these issues with a web client.
An attacker can exploit these issues with a web client.
Solution / Fix
Golden Book Index.PHP Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Golden Book Index.PHP Cross-Site Scripting Vulnerabilities
References:
References:
- golden book Web Site (golden book)
- golden book XSS ([email protected])