
TinyMuw v1.0 - XSS



TinyMuw v1.0

Homepage:
http://www.l0j1k.com/tinyMuw/index.php

Affected files:
quickchat.php input box
videoPage.php

Input isn't sanitized before being output in the quickchat.php chatbox. For PoC try putting:
 in as your comment.

Full path disclosure error via URL Injection:

http://www.example.com/tinyMuw/videoPage.php?id=28'

Fatal error: Using $this when not in object context in /home/user/public_html/tinyMuw/tinyMuw/video.php on line 18 
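
A defensive sketch for the two issues above, added here as an example and not TinyMuw's own code. The function names and sample inputs are assumptions, since the application's source is not shown in this advisory.

```php
<?php
// Added example, not TinyMuw source. Function names and inputs are hypothetical.

// Path disclosure: keep PHP errors out of the HTTP response and log them
// server-side instead. The fatal error in video.php still needs its own fix;
// this only stops the filesystem path from reaching the client.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Chatbox XSS: encode every user-supplied field at output time, for the
// HTML context it is written into.
function render_chat_line(string $nick, string $comment): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<li><b>%s</b>: %s</li>',
        htmlspecialchars($nick, $flags, 'UTF-8'),
        htmlspecialchars($comment, $flags, 'UTF-8')
    );
}

// videoPage.php?id=...: accept only a positive integer. Anything else,
// including a value with a trailing quote, is rejected before it reaches
// the code that loads the video.
function parse_video_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs.
echo render_chat_line('guest', '<i>hello</i> & "bye"'), PHP_EOL;

foreach (['28', "28'", '-1', 'abc', null] as $raw) {
    $id = parse_video_id($raw);
    if ($id === null) {
        // In a real handler: http_response_code(400) and a generic error page.
        echo var_export($raw, true), ' => rejected', PHP_EOL;
    } else {
        echo var_export($raw, true), " => video id $id", PHP_EOL;
    }
}
```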
