VistaReseller Panel BETA Xss Vulnerability

2008.06.17
Credit: Khashayar Fereidani
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

###################################### # VistaReseller Panel BETA Xss Vulnerability ###################################### # Discovered By Khashayar Fereidani Or Ircrash # Our Team : IRCRASH # IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr # Risk : Low ###################################### # Xss Address : http://Example/panel/index.php?option=forums # Variable : [resellerdomain] ###################################### # How Work With it : # Login In VistaReseller Panel And Open Url # Insert http://"<script>alert('xss')</script> in Text box and click (Add) Button . # Now Open the Url Again & See xss msg ###################################### # Solution : Edit Source Code And Filter Variable With htmlspecialchar() function ....... ###################################### # Khashayar Fereidani Email : irancrash[at]gmail[at]com # Tnx : God .... ######################################

References:

http://seclists.org/bugtraq/2008/Jun/0145.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top