PHPSimple Choose v0.3

2006-05-30 / 2006-05-31

Credit: luny youfucktard com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2639

CWE: CWE-Other

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

PHPSimple Choose v0.3
Homepage:
http://phpsimplechoose.sourceforge.net
Description:
Do you need to add some fun to your site? Look no further. With PHPSimpleChoose you can let your users input terms and have one randomly choosen. Every bit of text is changeable, and we are working on allowing you to choose how many text boxes there are. We have also intergrated many <span> elements to allow CSS customization.
Effected files:
Input forms on PHPSimpleChoose
The input forms don't sanatize user input before dynamically generating it. This could cause users to insert malicious data.
Proof of concept:
Try entering [IMG SRC=javascript:alert('XSS')] in the input boxes.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHPSimple Choose v0.3

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.