Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15875
HistoryJan 28, 2007 - 12:00 a.m.

PHP Membership Manager Cross-Site Scripting Vulnerability

2007-01-2800:00:00
vulners.com
15
JSON

PHP Membership Manager Cross-Site Scripting Vulnerability

PHP Membership Manager is a browser based tool which allows a site owner to easily manage an unlimited
number of username / password accounts and groups which access secure, protected areas of a web site
which require logging in before accessing.

This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers
may exploit this issue via a web client. This may help the attacker steal cookie-based authentication
credentials and launch other attacks. A successful exploit could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the underlying database
implementation.

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Remote: NO
Local: Yes
Class: Input Validation Error

vendor: www.interactive-scripts.com
version: v1.5

Exploit: Manager Panel admin.php

Example: www.site.com/path/php_mm1.4/admin.php?_p=XSS=_approval_users

Online Demo: www.interactive-scripts.com/php_mm/demo.html

JSON