
SSCHADV2012-015 - WordPress Plugin 'Count Per Day' 3.1.1 Multiple Cross-site scripting vulnerabilities

Advisory:
WordPress Plugin ‘Count Per Day’ 3.1.1 Multiple Cross-site scripting vulnerabilities
Advisory ID:
SSCHADV2012-015
Author:
Stefan Schurtz
Affected Software:
Successfully tested on ‘Count Per Day’ 3.1.1
Vendor URL:
Vendor Status:
fixed
CVE-ID:
CVE-2012-3434
 
======================
Vulnerability Description
======================
 
The WordPress plugin ‘Count Per Day’ 3.1.1 is prone to multiple XSS vulnerabilities
 

Bypass 'preg_replace' XSS filter

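// xss.php

<?php

// Untrusted input taken directly from the query string
$message = $_GET['xss'];

// Blacklist filter under test: removes <script> tags and on* event-handler
// attributes whose value is enclosed in double quotes
$message = preg_replace(
    '/<script[^\>]*>|<\/script>|(onabort|onblur|onchange|onclick|ondbclick|onerror|onfocus|onkeydown|onkeypress|'
    . 'onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|'
    . 'onreset|onresize|onselect|onsubmit|onunload)\s*=\s*"[^"]+"/i',
    '',
    $message
);

// The filtered value is written to the page without output encoding
echo $message;
?>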
 

SSCHADV2012-017 - MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities

Advisory:
MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
Advisory ID:
SSCHADV2012-017
Author:
Stefan Schurtz
Affected Software:
Successfully tested on MGB OpenSource Guestbook 0.6.9.1
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The MGB OpenSource Guestbook is prone to multiple security vulnerabilities
 

SSCHADV2012-013 - PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities

Advisory:
PHP Address Book 7.0.0 and 8.1.9.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-013
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Address Book 7.0.0 and 8.1.9.1 (latest version)
Vendor URL:
Vendor Status:
informed
 
======================
Vulnerability Description
======================
 
PHP Address Book 7.0.0 and 8.1.9.1 are prone to multiple XSS and SQLi vulnerabilities
 

KORAMISADV2012-001 - Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability

Advisory:
Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability
Advisory ID: KORAMIS-ADV2012-001
Contact: security@koramis.de
Author: Stefan Schurtz
Affected Software: Successfully tested on Serendipity 1.6
Vendor URL:
Vendor Status:
fixed
CVE-ID:
CVE-2012-2331, CVE-2012-2332
EDB-ID: 18884
 
==========================
Vulnerability Description
==========================
 
The Serendipity backend is prone to a Cross-Site Scripting and SQL-Injection vulnerability
 

SSCHADV2012-012 - Baby Gekko v1.2.0 Multiple XSS vulnerabilities

Advisory:
Baby Gekko v1.2.0 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-012
Author: Stefan Schurtz
Affected Software: Successfully tested on Baby Gekko v1.2.0
Vendor URL: http://www.babygekko.com/
Vendor Status:
informed
 
======================
Vulnerability Description
======================
 
Baby Gekko v1.2.0 is prone to multiple Cross-Site scripting vulnerabilities
 