TUCoPS :: Web :: PHP :: b06-2505.htm

TUCoPS :: Web :: PHP :: b06-2505.htm
PHP AGTC-Membership system <= v1.1a XSS

PHP AGTC-Membership system <= v1.1a XSS PHP AGTC-Membership system <= v1.1a XSS


PHP AGTC-Membership system <= v1.1a XSS=0D
=0D
Discovered by: Nomenumbra=0D
Date: 23/5/2006=0D
impact:moderate (privilege escalation,possible defacement)=0D
=0D
Ordinary users can add users to the user management system as well,=0D
or change their own email address, which isn't properly sanitized, thus=0D
allowing XSS as follows (for example):=0D
=0D
=0D
=0D
Nomenumbra