Security Advisory: AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"

From: tan_prathan_(at)_hotmail.com <tan_prathan_(at)_hotmail.com>
Date: 02.12.2008
Subject: AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability

==============================================================
AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability
==============================================================

,--^----------,--------,-----,-------^--,
| |||||||||   `--------'     |          O     .. CWH Underground Hacking Team ..
`+---------------------------^----------|
   `\_,-------, _________________________|
     / XXXXXX /`|     /
    / XXXXXX / `\   /
   / XXXXXX /\______(
  / XXXXXX /
/ XXXXXX /
(________(
`------'

AUTHOR : CWH Underground
DATE   : 27 November 2008
SITE   : cwh.citec.us

#####################################################
APPLICATION : AssoCIateD
VERSION     : 1.4.4
DOWNLOAD    : http://downloads.sourceforge.net/associated/acid_1.4.4.zip
#####################################################

---------
  XSS
---------

[+] http://[Target]/[acid_path]/index.php?p=search&menu=<XSS>

#################################################################################
######
Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#################################################################################
######

# milw0rm.com [2008-11-27]