[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

VistaReseller Panel BETA Xss Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: VistaReseller Panel BETA Xss Vulnerability
From: irancrash@xxxxxxxxx
Date: 16 Jun 2008 16:30:27 -0000

######################################
# VistaReseller Panel BETA Xss Vulnerability
######################################
# Discovered By Khashayar Fereidani Or Ircrash
# Our Team : IRCRASH
# IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - 
Malc0de - R3d.w0rm - Rasool Nasr
# Risk : Low
######################################
# Xss Address : http://Example/panel/index.php?option=forums
# Variable : [resellerdomain]
######################################
# How Work With it :
# Login In VistaReseller Panel And Open Url
# Insert http://";<script>alert('xss')</script> in Text box and click (Add) 
Button .
# Now Open the Url Again & See xss msg
######################################
# Solution : Edit Source Code And Filter Variable With htmlspecialchar() 
function .......
######################################
# Khashayar Fereidani Email : irancrash[at]gmail[at]com
# Tnx : God ....
######################################

Prev by Date: Returnil Virtual System 2008 - Password Disclosure Issue
Next by Date: [DSECRG-08-026] LFI in Open Azimyt CMS 0.22
Previous by thread: Returnil Virtual System 2008 - Password Disclosure Issue
Next by thread: [DSECRG-08-026] LFI in Open Azimyt CMS 0.22
Index(es):
- Date
- Thread