> > > Successful exploitation requires the ability to execute the uploaded
> > > JavaScript.
> > > The Geeklog Forum program can be used as an attack vector since it does not
> > > properly validate many $_GET / $_POST variables.
> > Could you give us some more details about these XSS vulnerabilities ? :)
> >
On 4 Oct 2009, at 08:47, Jaloh Smith wrote:
> The easy one is when the forum allows anonymous posts and is configured for
> text posts. The anonymous user name is never filtered, so you can put
> anything there, including a reference to the javascript uploaded as the
> user profile image
>
> > Successful exploitation requires the ability to execute the uploaded
> > JavaScript.
> > The Geeklog Forum program can be used as an attack vector since it does not
> > properly validate many $_GET / $_POST variables.
> Could you give us some more details about these XSS vulnerabilities ?
>
> Files with .jpg extensions can be uploaded, but these files can contain
> anything, like JavaScript or PHP code. Using Firefox you can upload any
> jpg extension and it will be accepted since Firefox sets the mime type
> based on file extension.
>
> Uploading usually requires that you first crea
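
The upload weakness described above comes from trusting the file extension and the client-supplied MIME type. As an added example (not part of the thread and not Geeklog's code), here is a server-side check that decides by content and stores only a re-encoded copy; `store_profile_image()` and the sample files are hypothetical, and the fileinfo and GD extensions are assumed to be loaded.

```php
<?php
// Added example, not Geeklog code. store_profile_image() and the sample
// files are hypothetical; assumes the fileinfo and GD extensions are loaded.
const ALLOWED_IMAGE_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Validate an uploaded profile image by its content and store a re-encoded
 * copy. Returns the stored file name, or null when the upload is rejected.
 */
function store_profile_image(string $tmpPath, string $destDir): ?string
{
    // 1. Sniff the type from the bytes. The extension and the MIME type in
    //    $_FILES[...]['type'] are chosen by the client and prove nothing.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_IMAGE_TYPES, true)) {
        return null;
    }

    // 2. Require that the bytes actually decode as an image.
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        return null;
    }

    // 3. Store a re-encoded copy under a server-generated name, so neither
    //    the original bytes (including anything appended to or embedded in
    //    a valid image) nor the original file name reach the web root.
    $name = bin2hex(random_bytes(16)) . '.png';
    return imagepng($img, $destDir . '/' . $name) ? $name : null;
}

// Constructed samples: script text carrying a .jpg name, and a real JPEG.
$dir  = sys_get_temp_dir();
$fake = $dir . '/avatar_fake.jpg';
file_put_contents($fake, "document.title = 'not an image';\n");
$real = $dir . '/avatar_real.jpg';
imagejpeg(imagecreatetruecolor(8, 8), $real);

// Run both samples through the check and show what it returns for each.
var_dump(store_profile_image($fake, $dir));
var_dump(store_profile_image($real, $dir));
```

Serving stored images with a fixed image Content-Type and `X-Content-Type-Options: nosniff` keeps a browser from interpreting them as anything else.
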
==
Geeklog <= v1.6.0sr2 - Remote File Upload
Discovered: JaL0h
Software Site: http://www.geeklog.net
Dork: "By Geeklog" "Created this page in" +seconds +powered
=