Users login

Create an account »


Users login

Home » Hacking News » [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor

[SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor

by Nikola Strahija on March 3rd, 2003 A Cross-Site Scripting vulnerability have been found in PY-Livredor which allow attackers to inject script codes into the guestbook and use them on clients browser as if they were provided by the website.

This Cross-Site Scripting vulnerability are found in the page for
posting messages (index.php)

An attacker can input specially crafted links and/or other
malicious scripts.


A vulnerability was discovered in the page for posting messages,
at this adress :


The vulnerability is at the level of the interpretation of the "titre",
"Votre pseudo", "Votre e-mail", "Votre message" fields.

Indeed, the insertion of a hostile code script in this field makes it
possible to a malicious user to carry out this script on the navigator
of the visitors.

The hostile code could be :


(open a window with the cookie of the visitor.)

(replace [] by <>)


No solution for the moment.


The vendor has reportedly been notified.


Version Fran├žaise :

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »