Exploit Database - Logo

ac4p Mobile - 'polls.php' Multiple Parameter Cross-Site Scripting (1)

EDB-ID: 28902 Author: AL-garnei Published: 2006-11-03
CVE: CVE-2006-5770 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/20895/info
  
Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. 
  
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
  
http://www.example.com/path/polls.php?Newnews={XSS}

Related Exploits

Trying to match CVEs (1): CVE-2006-5770
Trying to match OSVDBs (1): 32048
Other Possible E-DB Search Terms: ac4p Mobile
Date D V Title Author
2006-11-03Download Exploit Code Verified ac4p Mobile - 'index.php' Multiple Parameter Cross-Site ScriptingAL-garnei
2006-11-03Download Exploit Code Verified ac4p Mobile - 'MobileNews.php' Multiple Parameter Cross-Site ScriptingAL-garnei
2006-12-04Download Exploit Code Verified ac4p Mobile - 'polls.php' Multiple Parameter Cross-Site Scripting (2)SwEET-DeViL
2006-11-03Download Exploit Code Verified ac4p Mobile - cp/index.php pagenav Parameter Cross-Site ScriptingAL-garnei
2006-11-03Download Exploit Code Verified ac4p Mobile - send.php cats Parameter Cross-Site ScriptingAL-garnei
2006-11-03Download Exploit Code Verified ac4p Mobile - up.php Multiple Parameter Cross-Site ScriptingAL-garnei
2006-12-04Download Exploit Code Verified ac4p Mobile - up.php Taaa Parameter Cross-Site ScriptingSwEET-DeViL
Menu