Referer XSS in E-Blah Platinum
- Last Update: 2006.02.22 CVE entry added
- Risk Level: Cross Site Scripting
- Vulnerable Software: E-Blah Platinum (http://www.eblah.com)
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
A cross-site scripting vulnerability was found in the E-Blah Platinum (http://www.eblah.com) script.
Vulnerable script: Code/Routines.pl
The environment variable 'HTTP_REFERER' is not properly sanitized. An attacker can send an HTTP request with a forged Referer value containing arbitrary HTML or script code; that code is executed when the administrator opens the "Click Log".
The administrator's login and password are at risk.
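The defect described above is a stored XSS through a logged request header: the Referer value is written to the click log and later interpolated into the administrator's page without escaping. The following Perl script is an added example, not E-Blah's Code/Routines.pl or the vendor's patch; the helper names (html_escape, log_referer, click_log_row_unsafe, click_log_row_safe) and the sample header value are constructed for illustration. It shows the vulnerable rendering pattern next to a hardened one that escapes at output time.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not E-Blah code. All sub names here are hypothetical.

# Escape the characters that change meaning in HTML text and attribute
# contexts. Ampersand goes first so entities produced below are not
# re-escaped.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Storage side: strip CR/LF before appending to a line-oriented log so a
# single request header cannot fabricate extra log entries.
sub log_referer {
    my ($r) = @_;
    $r = '' unless defined $r;
    $r =~ s/[\r\n]//g;
    return $r;
}

# Vulnerable pattern: whatever was stored from HTTP_REFERER is interpolated
# into the admin page as-is, so tags inside the header become live markup.
sub click_log_row_unsafe {
    my ($referer) = @_;
    return "<tr><td>$referer</td></tr>";
}

# Hardened pattern: escape at output time. This also protects the admin
# page for entries that were logged before any input filtering existed.
sub click_log_row_safe {
    my ($referer) = @_;
    return '<tr><td>' . html_escape($referer) . '</td></tr>';
}

# Under a CGI server the value comes from the request header; when run
# offline we fall back to a constructed sample that carries a script tag.
my $raw = defined $ENV{HTTP_REFERER}
    ? $ENV{HTTP_REFERER}
    : "http://example.invalid/?q=<script>alert(1)</script>\r\nforged line";

my $stored = log_referer($raw);

print "stored : $stored\n";
print "unsafe : ", click_log_row_unsafe($stored), "\n";
print "safe   : ", click_log_row_safe($stored), "\n";

# Self-check: the hardened row must never contain a raw tag.
die "escaping failed\n" if click_log_row_safe($stored) =~ /<script/i;
```

Escaping belongs at the point where the value is emitted into HTML rather than only at logging time: the log is plain text and may legitimately hold a literal '<' from a URL, and an output-time escape also covers records already on disk. The CR/LF strip at storage time is a separate, cheaper check that keeps one header from spanning several log lines.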
Example of HTTP Query:
GET /cgi-bin/Blah.pl HTTP/1.0
Vendor-provided patch is available here: