Computer Security
securityvulns.ru




From:irancrash_(at)_gmail.com <irancrash_(at)_gmail.com>
Date:16.06.2008
Subject:VistaReseller Panel BETA Xss Vulnerability

######################################
# VistaReseller Panel BETA Xss Vulnerability
######################################
# Discovered By Khashayar Fereidani Or Ircrash
# Our Team : IRCRASH
# IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr
# Risk : Low
######################################
# Xss Address : http://Example/panel/index.php?option=forums
# Variable : [resellerdomain]
######################################
# How to work with it :
# Log in to the VistaReseller Panel and open the URL.
# Insert http://"<script>alert('xss')</script> in the text box and click the (Add) button.
# Now open the URL again and see the XSS message.
######################################
# Solution : Edit the source code and filter the variable with the htmlspecialchars() function.
######################################
# Khashayar Fereidani Email : irancrash[at]gmail[at]com
# Tnx : God ....
######################################
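
The fix the advisory recommends, shown as an added example (not code from the advisory or from VistaReseller): the stored resellerdomain value rendered without and with output encoding, plus input validation at submission time. The function names and markup are hypothetical, and the example assumes the field is meant to hold a plain hostname.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the VistaReseller source is not shown in the advisory,
// so these names and the rendering markup are assumptions.

/** Accept only a plausible hostname for the resellerdomain field. */
function validate_reseller_domain(string $input): ?string
{
    $domain = strtolower(trim($input));
    // FILTER_FLAG_HOSTNAME restricts labels to letters, digits and hyphens.
    $ok = filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    if ($ok === false || strpos($domain, '.') === false) {
        return null; // reject before the value is ever stored
    }
    return $domain;
}

/** Before: the stored value is written into the page as-is. */
function render_domain_unsafe(string $stored): string
{
    return '<li>' . $stored . '</li>';
}

/** After: encode at output time, covering both quote styles. */
function render_domain_safe(string $stored): string
{
    return '<li>' . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
}

// Constructed sample input: the advisory's test string and an ordinary domain.
$samples = ['http://"<script>alert(\'xss\')</script>', 'reseller.example.com'];

foreach ($samples as $value) {
    $valid = validate_reseller_domain($value);
    echo 'input:     ', $value, PHP_EOL;
    echo 'validated: ', $valid === null ? '(rejected)' : $valid, PHP_EOL;
    echo 'unsafe:    ', render_domain_unsafe($value), PHP_EOL;
    echo 'safe:      ', render_domain_safe($value), PHP_EOL, PHP_EOL;
}
```

Validation keeps new bad values out of storage, while encoding at output also covers values that were saved before the fix.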
