- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21525
- Проверка EDB
-
- Пройдено
- Автор
- AHMET SABRI ALPER
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2002-0962
- Дата публикации
- 2002-06-10
Код:
source: https://www.securityfocus.com/bid/4969/info
Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php' script. Such a malicious link might be included in a HTML e-mail or on a malicious webpage.
This may enable a remote attacker to steal cookie-based authentication credentials from legitimate users of a host running Geeklog.
This issue has been reported to exist in Geeklog 1.3.5, earlier versions may also be susceptible to this issue.
/index.php?topic=<script>alert(document.cookie)</script>
/comment.php?mode=display&sid=foo&pid=18&title=<script>alert(document.cookie)</script>&type=article- Источник
- www.exploit-db.com
