|
HSC Research Group -
Advisories
|
|
Written by Hackers Center
|
|
Monday, 20 August 2007 23:24 |
 [HSC] Freeshoutbox.net Web Applications HTML Injection Vulnerabilities
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and
launch other attacks. A successful injection into the shout box form could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Input Validation Error
Remote: Yes
Product: Shout Box Software
Vendor: http://www.freeshoutbox.net/
* Exploit is not needed, Attackers can exploit these issues via a web client.
Only becoming an Ethical Hacker, you can stop a hacker. Were can you learn with out
having to pay thousands!- http://kit.hackerscenter.com - The most comprehensive
security pack you will ever find on the net!
|
