9 lines
No EOL
598 B
Text
Executable file
9 lines
No EOL
598 B
Text
Executable file
source: http://www.securityfocus.com/bid/4888/info
|
|
|
|
CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick.
|
|
|
|
A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net. It is possible for an authenticated user to add directives and make changes to the generated .htaccess file.
|
|
|
|
javascript:void(document.form1.title.outerHTML="<textarea name=title></textarea>");
|
|
|
|
Adding the javascript as part of the URL will change the text field into a textbox allowing users to enter newlines and other characters. |