PhotoPost Script Injection Vulnerability [Archive]

PhotoPost Script Injection Vulnerability

Joeychgo

11-25-2005, 03:12 PM

I ran across this

PhotoPost Script Injection Vulnerability

PhotoPost is prone to a script injection vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A malicious user may cause arbitrary script code to be executed in the Web browser context of an unsuspecting victim. This may lead to the theft of cookie-based authentication credentials in the context of the victim's browser application.

Further attacks are also possible.

I found it here: http://www.securityfocus.com/bid/14671/discuss

Thank you for visiting. This is our website archive. Please visit our main website by clicking the banner above. vBulletin FAQ is dedicated to helping the forum owner build, manage and profit from his vBulletin Forum vBulletin Web Hosting - Free skins and styles for your vBulletin - Search Engine Optimization

vBulletin FAQ Forums > Customizing your vBulletin > Hack Discussion and Requests > PhotoPost Script Injection Vulnerability PDA PhotoPost Script Injection Vulnerability Joeychgo 11-25-2005, 03:12 PM I ran across this PhotoPost Script Injection Vulnerability PhotoPost is prone to a script injection vulnerability. This is due to a lack of proper sanitization of user-supplied input. A malicious user may cause arbitrary script code to be executed in the Web browser context of an unsuspecting victim. This may lead to the theft of cookie-based authentication credentials in the context of the victim's browser application. Further attacks are also possible. I found it here: http://www.securityfocus.com/bid/14671/discuss
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35