Geeklog 1.3.x - Cross-Site Scripting

Author: Lorenzo Hernandez Garcia-Hierro
type: webapps
platform: php
port: 
date_added: 2003-09-29  
date_updated: 2012-12-06  
verified: 1  
codes: OSVDB-3272  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 23194.txt  
source: https://www.securityfocus.com/bid/8718/info

Geeklog is prone to multiple vulnerabilities, including cross-site scripting and SQL injection issues. Exploitation of these issues could permit unauthorized access to user accounts and sensitive information.

Some of these issues may be related to previously documented vulnerabilities in Geeklog.


http://www.example.com/faqman/index.php?op=view&t=518">[XSS ATTACK CODE]

http://www.example.com/filemgmt/brokenfile.php?lid=17'/%22%3[XSS ATTACK CODE]