daniloalvessouza / webgrind

Automatically exported from code.google.com/p/webgrind
Other
0 stars 0 forks source link

XSS issue #65

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
index.php, param: dataFile

1. 
http://localhost/webgrind/index.php?dataFile=<script>alert("ZSL");</script>&cost
Format=msec&showFraction=1&hideInternals=0&op=function_list

2. Tested on current version of WampServer version 2.2c (win32)
3. Webgrind version 1.0

Thank You,

Gjoko,
lab@zeroscience.mk

Original issue reported on code.google.com by liquidw...@gmail.com on 16 Feb 2012 at 6:10

GoogleCodeExporter commented 8 years ago
Does not execute javascript in current version available in trunk on github.

Original comment by gugakf...@gmail.com on 17 Feb 2012 at 2:45

GoogleCodeExporter commented 8 years ago
Also, don't install webgrind on production servers

Original comment by gugakf...@gmail.com on 17 Feb 2012 at 2:46

GoogleCodeExporter commented 8 years ago
Thank you for the heads up, the advisory (ZSL-2012-5073) has been updated.

Original comment by liquidw...@gmail.com on 17 Feb 2012 at 2:56