In-Reply-To: <200505172151.j4HLpThM004829@xxxxxxxxxxxxxxx>

>>Cross Site Scripting:
>>-------------------------
>>You can abuse the SQL-Injections for XSS attacks.
>
>Does this occur because the XSS-style attacks are being injected into
>SQL queries, which then generate errors because the queries are
>malformed, and then PHP blindly reflects the malformed query back to
>the user without quoting XSS-relevant characters? That would seem to
>be more of a problem with the application's runtime environment
>(i.e. PHP) than JGS-Portal itself.

Try the following link:

/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1<script>alert(document.cookie);</script>

JGS-Portal doesn't report an error and the year parameter is passed unfiltered. This is definitively the problem of JGS-Portal.

If a SQL-error occurs and the error message contains Cross Site Scripting code, then you're completely right.

Regards,
deluxe
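
The thread distinguishes two reflection paths: a numeric parameter echoed unfiltered, and an error message echoed without encoding. The PHP sketch below is an added example, not JGS-Portal code and not part of the original message; it closes both paths by validating the parameter as an integer and HTML-encoding anything echoed back. The helper names `int_param` and `h`, the accepted year range, and the output strings are assumptions.

```php
<?php
// Added illustration; not JGS-Portal source. Helper names are hypothetical.

// Strict validation: accept only a decimal integer inside the expected range.
function int_param(array $src, string $name, int $min, int $max): ?int
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return null;
    }
    $v = filter_var($src[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Output encoding for any value placed into HTML, including error text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request mirroring the query string quoted in the message.
$request = [
    'meinaction' => 'mitglieder',
    'month'      => '1',
    'year'       => '1<script>alert(document.cookie);</script>',
];

$month = int_param($request, 'month', 1, 12);
$year  = int_param($request, 'year', 1970, 2100); // range is an assumption

if ($month === null || $year === null) {
    // Reject the request; if the raw value must be displayed, encode it first.
    echo 'Invalid date parameter: ', h($request['year']), "\n";
} else {
    // Both values are integers here: safe in HTML and as bound SQL parameters.
    printf("Statistics for %02d/%04d\n", $month, $year);
}
```

With the constructed request, `year` fails validation and the script takes the error branch, where the markup is emitted as inert text (`&lt;script&gt;...`).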