xFlow index.php Multiple Variable XSS

2006-04-18T11:02:37
ID OSVDB:24775
Type osvdb
Reporter r0t (krustevs@googlemail.com)
Modified 2006-04-18T11:02:37

Description

Manual Testing Notes

/members_only/index.cgi?id=4&username=r0t&seed=rjzzBzfrMplgqQMojRgrnALJMoiUeAdlxswNQvbo&action=view_downline&level=[XSS]&position=10

/members_only/index.cgi?id=4&username=r0t&seed=rjzzBzfrMplgqQMojRgrnALJMoiUeAdlxswNQvbo&action=view_downline&level=Direct&position=1[XSS]

/members_only/index.cgi?id=[XSS]&username=r0t&seed=TfgNxKhyqEELQQQKizBWyVShdbOpfugMaQhpuGqI

/members_only/index.cgi?id=4&username=r0t&seed=rjzzBzfrMplgqQMojRgrnALJMoiUeAdlxswNQvbo&action=[XSS]&level=&position=10

/customer_area/index.cgi?id=1&username=r0t&seed=pWltDqcPcLuedZnXTwCNWldbpJmQANHFHfFvveFY&page=[XSS]

References:

Vendor URL: http://www.skymarx.com/affiliate_software.html
Secunia Advisory ID: 19707
Related OSVDB ID: 24776
Related OSVDB ID: 24774
Other Advisory URL: http://pridels.blogspot.com/2006/04/xflow-v5x-multiple-vuln.html