lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20080616163027.15464.qmail@securityfocus.com>
Date: 16 Jun 2008 16:30:27 -0000
From: irancrash@...il.com
To: bugtraq@...urityfocus.com
Subject: VistaReseller Panel BETA Xss Vulnerability

######################################
# VistaReseller Panel BETA Xss Vulnerability
######################################
# Discovered By Khashayar Fereidani Or Ircrash
# Our Team : IRCRASH
# IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr
# Risk : Low
######################################
# Xss Address : http://Example/panel/index.php?option=forums
# Variable : [resellerdomain]
######################################
# How Work With it :
# Login In VistaReseller Panel And Open Url
# Insert http://"<script>alert('xss')</script> in Text box and click (Add) Button .
# Now Open the Url Again & See xss msg
######################################
# Solution : Edit Source Code And Filter Variable With htmlspecialchar() function .......
######################################
# Khashayar Fereidani Email : irancrash[at]gmail[at]com
# Tnx : God ....
######################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ