hey team, seems evince is vuln through it's embedded use of gv to the same hole
described in bid 20978. here is exploit code for evince. users using
epiphany web browser beware, this is click-a-link exploitation.
--K-sPecial
/*
* Creator: K-sPecial (xzziroz.net) of .aware (awarenetwork.org)
* N
Date: 03/22/2006
Vendor: OSI Codes
Product: PHP Live!
Versions: tested 3.0
Vulnerability: Cross Site Scripting
Location: status_image.php
Exploit:
/phplive/js/status_image.php?base_url=alert(document.cookie)
Stumbled across this while auditing a web server, vendor has been notified.
--K-sPecial
