Disclosure: Prayer Request Board (PRB) addRequest.php Request Field XSS

[This was originally published on OSVDB, now gone, and touched up slightly for style. VulnDB 23958]

From: security curmudgeon
To: todd(at)geekforgod.net
Date: Sun, 19 Mar 2006 20:40:21 -0500 (EST)
Subject: PRB small security vulnerability

Hey Todd,

When submitting a new prayer request (addRequest.php), the Request field doesn’t sanitize user input. This allows for cross-site scripting (XSS) attacks. You can see a safe sample of it on the demo on geekforgod.net.
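
The class of flaw reported above, as an added example that is not part of the original email and is not PRB's code (the application's source is not shown on this page): a hypothetical renderer for the Request field, unencoded beside an output-encoded version. The function names, the 2000-byte limit and the sample text are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for PRB's code, which this page does not show.

// Vulnerable pattern: the submitted Request text is placed into HTML as-is,
// so any markup a submitter typed is interpreted by the viewer's browser.
function render_request_unsafe(string $request): string
{
    return '<div class="request">' . nl2br($request) . '</div>';
}

// Hardened pattern: encode for the HTML body context at output time, then
// add line breaks. Encoding must come before nl2br(); in the other order
// the <br /> tags that nl2br() inserts would be encoded as well.
function render_request_safe(string $request): string
{
    $encoded = htmlspecialchars($request, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="request">' . nl2br($encoded) . '</div>';
}

// Input-side check for the form handler: reject empty, oversized or
// invalid UTF-8 text. This keeps junk out of storage; it does not replace
// output encoding, because valid text can still contain markup.
function validate_request(string $request, int $maxBytes = 2000): bool
{
    return trim($request) !== ''
        && strlen($request) <= $maxBytes
        && preg_match('//u', $request) === 1; // matches only valid UTF-8
}

// Constructed sample submission: harmless markup, an ampersand, a newline.
$sample = "Please pray for <b>my family</b>\nThank you & God bless";

var_dump(validate_request($sample));        // passes validation, still has markup
echo render_request_unsafe($sample), "\n";  // the <b> element reaches the browser
echo render_request_safe($sample), "\n";    // the same text appears as literal characters
```

Encoding at output rather than stripping at input keeps the stored text intact and lets each output context (HTML body, attribute, feed) apply its own encoding.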


