|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
VHCS --- Virtual Hosting Control System Cross Site Scripting
outlaw
aria-security.net
Date: Mon May 01 2006 - 21:39:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
#----------------------------------------------------------
#Aria-Security.net Advisory
#Discovered by: O.U.T.L.A.W
#< www.Aria-security.net>
#Gr33t to: A.u.r.a & R1D3N & Smok3r
#-----------------------------------------------------------
Software: VHCS
Link: http://www.vhcs.net
Attack method: Cross Site Scripting
advisory:http://www.aria-security.net/hm/vhcs.txt
Summary:
vhcs is a powerfull Hosting Managment
Proof of Concept:
Admin Require
[target]/admin/server_day_stats.php?year=2006&month=05&day=2[xss]
[target]/admin/server_day_stats.php?year=2006&month=05[xss]&day=2
[target]/admin/server_day_stats.php?year=2006[xss]&month=05&day=2
Solution
contact me: AdvisoryAria-Security.net
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]