Thread: Kudos CMS
04-16-2008, 08:11 PM   #19
freenity

Quote:
Originally Posted by ETbyrne
only four of those are a problem:
http://www.evanbot.com/kudos/demo/?p...file_photo&id=[XSS],
Live Kudos CMS Demo[XSRF],
http://www.evanbot.com/kudos/demo/?page=post_wall&id=[XSS], and
http://www.evanbot.com/kudos/demo/?page=album&id=[XSS]

Other than that all the other ones don't do anything at all. I'll fix the problem and release a patch.

NOTE: These will not screw up someone's account, they will only waste disk space. Thanks for the heads up.
Using an XSS vulnerability, someone could steal your cookies, possibly getting access to the victim's account.
Another thing that can be done is a popup window that will show the attacker's page, or even a redirect :S
__________________
http://feudal-times.net - My PBB Game
http://gwphp.feudal-times.net - My Blog "Gaming With PHP"
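The thread above describes reflected parameters (`id` on the album, post_wall and profile pages) being echoed into the page, and the reply notes that such a flaw lets a script read the session cookie. As an added example that is not Kudos CMS code and not from either poster, the PHP below shows that pattern as a vulnerable handler beside a hardened one, plus session-cookie settings that keep the cookie out of reach of page script. Function names, the integer shape of `id`, and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example (not Kudos CMS code). Function and parameter names are
// illustrative assumptions; the CMS's real handlers are not shown here.

// Vulnerable: the id parameter is echoed into HTML unchanged, so any
// markup placed in the query string becomes part of the rendered page.
function render_album_vulnerable(array $get): string {
    $id = $get['id'] ?? '';
    return "<h1>Album " . $id . "</h1>";
}

// Hardened: validate the parameter against the type the page actually
// expects (a numeric id here, an assumption) and HTML-encode anything
// that is echoed back, so stray markup is shown as text, never parsed.
function render_album_hardened(array $get): string {
    $raw = (string)($get['id'] ?? '');
    if (!ctype_digit($raw)) {
        // Unexpected shape: refuse rather than reflect the input.
        http_response_code(400);
        return "<h1>Invalid album id</h1>";
    }
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h1>Album " . $safe . "</h1>";
}

// Defence in depth for the cookie-theft concern raised in the reply:
// an HttpOnly session cookie cannot be read by document.cookie even if
// an injection does get through; Secure keeps it off plaintext HTTP and
// SameSite blunts the cross-site request forgery also listed in the thread.
function start_hardened_session(): void {
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample inputs for an offline check (run with: php this_file.php).
$benign  = ['id' => '42'];                        // constructed value
$hostile = ['id' => '<b>not a number</b>'];       // constructed value

echo render_album_vulnerable($hostile), "\n";   // markup passes straight through
echo render_album_hardened($benign), "\n";      // id is echoed after encoding
echo render_album_hardened($hostile), "\n";     // rejected before reaching the page
```

`start_hardened_session()` is defined but not called in the command-line demo, since session cookies only matter when the script runs under a web server; call it before any output in a real handler. Validating the parameter's shape first means most bad input never reaches the encoder at all, and the encoder then covers any remaining field where free text is legitimately reflected.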