> > > Successful exploitation requires the ability to execute the uploaded JavaScript.
> > > The Geeklog Forum program can be used as an attack vector since it does not
> > > properly validate many $_GET / $_POST variables.
> >
> > Could you give us some more details about these XSS vulnerabilities? :)
> >
> > Cause all I see here is an RCE in the admin panel.
> > You confirm that there are XSS but we don't have any details about them...
>
> The easy one is when the forum allows anonymous posts and is configured for
> text posts. The anonymous user name is never filtered, so you can put
> anything there, including a reference to the javascript uploaded as the
> user profile image.
> <script src="../images/userphotos/username.jpg"></script>

How about the php flaw?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
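The two gaps named in the thread (an anonymous user name echoed without filtering, and a profile image that is really JavaScript) can be closed as in the following added example. It is not part of the original messages and is not Geeklog code; the function names and sample data are hypothetical.

```php
<?php
// Added illustration: hypothetical helpers, not Geeklog's own functions.

// Pattern described in the thread: the anonymous name reaches the page as markup.
function render_poster_unsafe(string $name): string
{
    return '<span class="poster">' . $name . '</span>';
}

// Hardened: encode on output so the name is always rendered as text.
function render_poster_safe(string $name): string
{
    return '<span class="poster">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</span>';
}

// Upload check: accept a profile photo only if it parses as an allowed image type.
// This inspects the image header only; re-encoding the upload with an image
// library and serving it with "X-Content-Type-Options: nosniff" are stronger.
function is_acceptable_photo(string $bytes): bool
{
    $info = @getimagesizefromstring($bytes);
    if ($info === false) {
        return false;
    }
    return in_array($info[2], [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF], true);
}

// Constructed sample inputs.
$name = '<script src="../images/userphotos/username.jpg"></script>'; // string from the thread
$fake = 'alert(document.cookie);';                                   // JavaScript saved as .jpg
$gif  = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'); // 1x1 GIF

echo render_poster_unsafe($name), "\n";
echo render_poster_safe($name), "\n";
var_dump(is_acceptable_photo($fake));
var_dump(is_acceptable_photo($gif));
```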