AlstraSoft E-Friends - XSS

---

• From: luny@xxxxxxxxxxxxxxx
• Date: 22 May 2006 21:43:19 -0000

---

AlstraSoft E-Friends - XSS

Homepage:
http://www.alstrasoft.com/

Description:

Alstrasoft E-friends allows you to run a community site like MySpace and Friendster.

Effected files or areas of site:
index.php

The input forms on the following items belowdo not properlly filter out all potential harmful characters. XSS are possible because of this.

Posting a blog
Posting a listing
Posting an event
Adding comments
Sending a message

---

• Prev by Date: phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!)
• Next by Date: Alstrasoft Article Manager Pro v1.6
• Previous by thread: phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!)
• Next by thread: Alstrasoft Article Manager Pro v1.6
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2006-05