TUCoPS :: Web :: Blogs :: b06-2039.htm

ChipmunkBlogger improper input sanitizing
ChipmunkBlogger improper input sanitizing
ChipmunkBlogger improper input sanitizing



ChipmunkBlogger improper input sanitizing=0D
=0D
Discovered by: Nomenumbra=0D
Date: 6/4/2006=0D
impact:moderate (privilege escalation,possible defacement)=0D
=0D
Posts (potentially made by lower-privilege members) and profile names aren't properly sanitized, thus resulting=0D
in being vulnerable to the following kind of XSS injection:=0D
=0D
=0D
=0D
The photo gallery input isn't sanitized either, by giving the following=0D
input as an url we have a nice XSS attack:=0D
=0D
javascript:alert(%27xss%27)=0D
=0D
=0D
Nomenumbra/[0x4F4C]=0D
=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH