| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 26 Sep 2006 10:47:00 -0000 From: meto5757@...mail.com To: bugtraq@...urityfocus.com Subject: PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln. ################################################## description : ------------- PHP Invoice designed to automate your entire account, order, billing, ticket system needs. From displaying your sales content, to ordering, PHP Invoice will handle all your billing and authentication requirements with speed and ease. No Matter Webmaster, Web Designer, Business Owner, Web Hosting Company or even Developer, All you need is PHP Invoice. venedor : --------- http://www.phpinvoice.com Exploite : ---------- http://www.example.com/[path]/home.php?msg=Successfully%20updated&alert=[xss] This may allow an attacker to steal cookie-based authentication credentials . ---------------------------- Discoverd by : -------------- meto5757 ---------------------------- Greets : -------- Mesho & Basiony , KaRim (koko) , all my friends . ----------------------------
Powered by blists - more mailing lists