bugtraq June 2008 archive
Main Archive Page > Month Archives  > bugtraq archives
bugtraq: VistaReseller Panel BETA Xss Vulnerability

VistaReseller Panel BETA Xss Vulnerability

From: <irancrash_at_nospam>
Date: Mon Jun 16 2008 - 16:30:27 GMT
To: bugtraq@securityfocus.com
('binary' encoding is not supported, stored as-is) ######################################
# VistaReseller Panel BETA Xss Vulnerability
######################################
# Discovered By Khashayar Fereidani Or Ircrash
# Our Team : IRCRASH
# IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr
# Risk : Low
######################################
# Xss Address : http://Example/panel/index.php?option=forums
# Variable : [resellerdomain]
######################################
# How Work With it :
# Login In VistaReseller Panel And Open Url
# Insert http://"<script>alert('xss')</script> in Text box and click (Add) Button .
# Now Open the Url Again & See xss msg
######################################
# Solution : Edit Source Code And Filter Variable With htmlspecialchar() function .......
######################################
# Khashayar Fereidani Email : irancrash[at]gmail[at]com
# Tnx : God ....
######################################