EJ3 Topo version 2.2.178 is susceptible to cross site scripting attacks.
- Advisory: EJ3 TOPo Cross Site Scripting Vulnerability
- Author: Yunus Emre Yilmaz || Yns [mail@yunusemreyilmaz.com]
- Application: EJ3 TOPo ( http://ej3soft.ej3.net )
- Affected Version: v2.2.178 (maybe older versions)
- Risk : Critical
Details: If an attacker requests /code/inc_header.php directly, he can control the $gTopNombre variable (register_globals must be on).
The problem is that the variable is neither defined nor filtered.
Proof of Concept: request /code/inc_header.php as follows:
inc_header.php?gTopNombre=><script>alert(document.cookie)</script>
This prints the user's cookie, so an attacker can steal the admin's cookie.
Release Date: 2006/02/28
Vendor contacted: 2006/02/28
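
The flaw described under Details, next to a hardened form, as an added example that is not EJ3 TOPo's own code. The function names, the TOPO_ENTRY constant and the `<h1>` output context are assumptions; only the file path and the gTopNombre parameter come from the advisory.

```php
<?php
// Added example, not EJ3 TOPo source code. Function names, the TOPO_ENTRY
// constant and the <h1> output context are hypothetical.

// Emulates register_globals=On for a directly requested include file.
function render_header_vulnerable(array $request): string
{
    extract($request);   // register_globals did this implicitly for GET/POST/cookies
    // The include never assigns $gTopNombre itself, so on a direct request the
    // value comes straight from the query string and is emitted unencoded.
    return '<h1>' . ($gTopNombre ?? '') . '</h1>';
}

// Hardened form: the value is passed in explicitly and encoded on output.
function render_header_hardened(string $configuredName, bool $viaEntryScript): string
{
    // 1. Refuse direct requests. In a real include file this is a guard such as
    //    defined('TOPO_ENTRY') || exit;  with the constant set by the entry script.
    if (!$viaEntryScript) {
        return '';
    }
    // 2. The variable is always initialised from application configuration,
    //    so request parameters can no longer take its place.
    $gTopNombre = $configuredName;
    // 3. Encode for the HTML context so <, >, & and quotes render as text.
    return '<h1>' . htmlspecialchars($gTopNombre, ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Constructed inputs: a harmless markup probe and a configured name.
$probe = ['gTopNombre' => '"><i>probe</i>'];
echo render_header_vulnerable($probe), "\n";                   // markup reaches the page
echo render_header_hardened('Top <10> & "more"', true), "\n";  // markup is encoded
echo render_header_hardened('Top 10', false), "\n";            // direct request: empty
```

Setting register_globals to Off (the directive was removed in PHP 5.4.0) closes the injection path independently of the code change.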