Computer Security
[EN] securityvulns.ru




From: outlaw_(at)_aria-security.net <outlaw_(at)_aria-security.net>
Date: 02.05.2006
Subject: VHCS --- Virtual Hosting Control System Cross Site Scripting

#----------------------------------------------------------
#Aria-Security.net Advisory
#Discovered  by: O.U.T.L.A.W
#< www.Aria-security.net>
#Gr33t to: A.u.r.a  & R@1D3N & Smok3r
#-----------------------------------------------------------
Software: VHCS
Link: http://www.vhcs.net
Attack method: Cross Site Scripting
Advisory: http://www.aria-security.net/hm/vhcs.txt

Summary:
VHCS is a powerful Hosting Management

Proof of Concept:
                               Admin Required

       [target]/admin/server_day_stats.php?year=2006&month=05&day=2[xss]
       [target]/admin/server_day_stats.php?year=2006&month=05[xss]&day=2
       [target]/admin/server_day_stats.php?year=2006[xss]&month=05&day=2


Solution
contact me: Advisory@Aria-Security.net
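
A server-side fix for the three parameters listed in the proof of concept, as an added example that is not part of the advisory and is not VHCS code. It assumes the page reads year, month and day from the query string and echoes them into HTML; the function names are hypothetical.

```php
<?php
// Added example: hypothetical hardening for a stats page that takes
// year/month/day query parameters. This is not VHCS source code.

/**
 * Return the parameter as an int only if it is 1..$maxDigits ASCII digits.
 * Anything else (including digits followed by markup) yields null.
 */
function digits_only_param(array $query, string $name, int $maxDigits): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,' . $maxDigits . '}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Validate the three date parameters together; null means reject the request. */
function parse_stats_date(array $query): ?array
{
    $year  = digits_only_param($query, 'year', 4);
    $month = digits_only_param($query, 'month', 2);
    $day   = digits_only_param($query, 'day', 2);
    if ($year === null || $month === null || $day === null) {
        return null;
    }
    // checkdate() rejects impossible dates such as month 13 or 31 February.
    if (!checkdate($month, $day, $year)) {
        return null;
    }
    return ['year' => $year, 'month' => $month, 'day' => $day];
}

/** Encode any value for an HTML text or attribute context. */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$date = parse_stats_date($_GET);
if ($date === null) {
    http_response_code(400);
    exit('Invalid date');
}
// The values are integers now, and are still encoded at the point of output.
printf('<h2>Statistics for %s-%s-%s</h2>', h($date['year']), h($date['month']), h($date['day']));
```

Validation alone would stop these three cases, but encoding at output is kept so that any other value the page prints is covered as well.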
