usd250-xss.txt

usd250-xss.txt: Posted Oct 25, 2007; Authored by Joseph Giron; The helpdesk utility called usd250 suffers from a cross site scripting vulnerability.; tags | advisory, xss; SHA-256 | 68208b8694df5e6a681f5078da14221c75ded411ff2a9c44084035c3577c90c5; Download | Favorite | View

usd250-xss.txt


http://www.oneorzero.com/

Within the helpdesk utility usd250, an XSS in the comments field is possible. 
The comments strip script tags and replace them with (not allowed), but
script tags dont need to be in place for XSS. Something along the lines of...
<b onmouseover="window.alert('omghax')">some text</b> Suffices. 

The fix is to use htmlentities() or htmlspecialchars() to filter ALL html
from user input.

Top Authors In Last 30 Days

Red Hat 229 files
indoushka 167 files
Jay Turla 150 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

usd250-xss.txt

usd250-xss.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

usd250-xss.txt

Share This

usd250-xss.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems