XSS vulnerability found via injection in the parameter address


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting XSS vulnerability found via injection in the parameter address
# 1  
Old 09-09-2017
XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one.

There are several of us that use an open source program called yiimp,
Code:
https://github.com/tpruvot/yiimp

several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability can be fixed quickly.

I believe the offending file is
Code:
/modules/site/wallet.php

my security scan shows
Code:
GET /?address=String.fromCharCode%280%2Cw6w7atn4rh%2C1%29 HTTP/1.1

for the vulnerability
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Parameter not found.. pass in a uppercase

hi guys i am trying to convert a uppercase var to a lowercase var and the result is pass in to another var. But i kept getting error from the variable that will be containing the result of the conversion of uppercase to the lowercase. DB_SID=TEST DB_SID_SM=/opt/$DB_SID | tr ''... (5 Replies)
Discussion started by: redologger
5 Replies

2. IP Networking

IP Address not found in ifconfig/netstat

I'm working on an AIX Unix LPAR (AIX 3.5 00C3C9904C00 as returned by uname -a) I can access this box using telnet, port 22 using adress IP A and B A=AA.AA.XX.XX and B=AA.AA.YYY.YYY I can confirm these 2 are the same space, I can see I can't find address B listed anywhere... so I wonder what... (1 Reply)
Discussion started by: Isax50
1 Replies

3. News, Links, Events and Announcements

UUCP Vulnerability found in Linux

NEWS: UUCP vulnerability found in the command line argument handling of uucp which could be exploited by a local user to obtain uucp uid/gid. http://www.linuxhelp.net/article.pl?sid=02/02/20/0335219&mode=&threshold= (1 Reply)
Discussion started by: killerserv
1 Replies
Login or Register to Ask a Question
scroll(3NCURSES)														  scroll(3NCURSES)

NAME
scroll, scrl, wscrl - scroll a curses window SYNOPSIS
#include <curses.h> int scroll(WINDOW *win); int scrl(int n); int wscrl(WINDOW *win, int n); DESCRIPTION
The scroll routine scrolls the window up one line. This involves moving the lines in the window data structure. As an optimization, if the scrolling region of the window is the entire screen, the physical screen may be scrolled at the same time. For positive n, the scrl and wscrl routines scroll the window up n lines (line i+n becomes i); otherwise scroll the window down n lines. This involves moving the lines in the window character image structure. The current cursor position is not changed. For these functions to work, scrolling must be enabled via scrollok. RETURN VALUE
These routines return ERR upon failure, and OK (SVr4 only specifies "an integer value other than ERR") upon successful completion. X/Open defines no error conditions. This implementation returns an error if the window pointer is null, or if scrolling is not enabled in the window, e.g., with scrollok. NOTES
Note that scrl and scroll may be macros. The SVr4 documentation says that the optimization of physically scrolling immediately if the scroll region is the entire screen "is" per- formed, not "may be" performed. This implementation deliberately does not guarantee that this will occur, to leave open the possibility of smarter optimization of multiple scroll actions on the next update. Neither the SVr4 nor the XSI documentation specify whether the current attribute or current color-pair of blanks generated by the scroll function is zeroed. Under this implementation it is. PORTABILITY
The XSI Curses standard, Issue 4 describes these functions. SEE ALSO
ncurses(3NCURSES), outopts(3NCURSES) scroll(3NCURSES)