E107 Referer Cross Site Scripting

E107 Referer Cross Site Scripting: Posted Sep 24, 2009; Authored by MustLive; E107 suffers from a referer header cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | bc15dba228664889a433738765ce808c046107fd905482adc8d3771ab1e526ce; Download | Favorite | View

E107 Referer Cross Site Scripting

Hello Bugtraq!

I want to warn you about Cross-Site Scripting vulnerability in E107. Which I
found at 31.01.2009 and disclosed recently.

XSS:

At page for sending news to email (http://site/email.php?news.1) it's
possible to conduct XSS attack via Referer header. Particularly it can be
done via flash.

Referer: '><script>alert(document.cookie)</script>

Vulnerable are E107 0.7.16 and previous versions (all versions).

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/3528/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 66 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
gabe_k 3 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

E107 Referer Cross Site Scripting

E107 Referer Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

E107 Referer Cross Site Scripting

Share This

E107 Referer Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems