Bug: XSS in scriptat support InverseFlow Help Desk v2.31 ( Ascii Version )


Published: 2006.11.30
Credit: SwEET-DeViL & viP HaCkEr & HaCkEr sUn
Risk: Low
CWE: CWE-79
CVE: CVE-2006-6158
Local: No
Remote: Yes

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

XSS in scriptat support InverseFlow Help Desk v2.31

::::::::::::::::::::::::::::::::::::::::::::::::::::::

Discovered : SwEET-DeViL & viP HaCkEr & HaCkEr sUn
Name scriptat: InverseFlow Help Desk v2.31
tame : AL-garnei
K-S-A
::::::::::::::::::::::::::::::::::::::::::::::::::::::
####################################################################
[1]

in ticketview.php

http://www.site.com/support_path/ticketview.php?id=[xss]

http://www.site.com/support_path/ticketview.php?email=[xss]

http://www.site.com/support_path/ticketview.php?cmd=deletepost&id=[xss]

http://www.site.com/support_path/ticketview.php?cmd=deletepost&email=[xss]
###################################################################
[2]

in ticket.php

http://www.site.com/support_path/ticket.php?email=[xss]

#################################################################

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Greetings to all our friends .. ;

SwEET-DeViL Mail is gamr-14 (at) hotmail (dot) com or m-0-t (at) hotmail (dot) com
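
A log check for the parameters listed in the advisory, as an added example that is not part of the original advisory or the product's own code: it flags requests to ticketview.php and ticket.php whose id or email query parameter carries HTML markup characters after URL-decoding. The Apache combined log format, the character set treated as suspicious, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and parameters named in the advisory.
WATCHED = {"ticketview.php": {"id", "email"}, "ticket.php": {"email"}}

# Assumption: these characters are not expected in a ticket id or a typical
# e-mail address. An apostrophe can be valid in an address, so tune as needed.
MARKUP = re.compile(r"[<>\"']")

# Request line as written in Apache combined log format (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return (script, param, decoded value) for watched params carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() not in WATCHED.get(script, ()):
            continue
        # parse_qsl decodes once; decode a second time so that
        # double-encoded input such as %253C is also seen as "<".
        decoded = unquote(value)
        if MARKUP.search(decoded):
            hits.append((script, name, decoded))
    return hits

def scan(lines):
    """Collect hits across many log lines (query string only, not POST bodies)."""
    return [hit for line in lines for hit in suspicious_params(line)]

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Nov/2006:10:00:00 +0000] "GET /support/ticketview.php?id=1042&email=user%40example.com HTTP/1.1" 200 5120',
    '192.0.2.11 - - [30/Nov/2006:10:00:05 +0000] "GET /support/ticketview.php?cmd=deletepost&id=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5200',
    '192.0.2.12 - - [30/Nov/2006:10:00:09 +0000] "GET /support/ticket.php?email=%2522%253Ex HTTP/1.1" 200 4100',
    '192.0.2.13 - - [30/Nov/2006:10:00:12 +0000] "GET /support/index.php?email=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"{script}: parameter {param!r} carries markup: {value!r}")
```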

Copyright 2014, cxsecurity.com