PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities
BID:51418
Info
PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 51418 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 15 2012 12:00AM |
| Updated: | Jan 15 2012 12:00AM |
| Credit: | Atmon3r |
| Vulnerable: |
e-soft24 PHP Ringtone Website 0 |
| Not Vulnerable: | |
Exploit / POC
PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
The following example URI is available:
http://www.example.com/[path]/ringtones.php?mmchar0_1=[xss]&mmstart0_1=1&mmsection0_1=[xss]
To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.
The following example URI is available:
http://www.example.com/[path]/ringtones.php?mmchar0_1=[xss]&mmstart0_1=1&mmsection0_1=[xss]
References
PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities
References:
References:
- PHP Ringtone Website Homepage (e-Soft24)