vhcsXSS.txt

2006-05-05T00:00:00
ID PACKETSTORM:46045
Type packetstorm
Reporter O.U.T.L.A.W
Modified 2006-05-05T00:00:00

Description

                                        
                                            `#----------------------------------------------------------  
#Aria-Security.net Advisory  
#Discovered by: O.U.T.L.A.W  
#< www.Aria-security.net>  
#Gr33t to: A.u.r.a & R@1D3N & Smok3r  
#-----------------------------------------------------------  
Software: VHCS  
Link: http://www.vhcs.net  
Attack method: Cross Site Scripting  
advisory:http://www.aria-security.net/hm/vhcs.txt  
  
Summary:  
vhcs is a powerfull Hosting Managment  
  
Proof of Concept:  
Admin Require   
  
[target]/admin/server_day_stats.php?year=2006&month=05&day=2[xss]  
[target]/admin/server_day_stats.php?year=2006&month=05[xss]&day=2  
[target]/admin/server_day_stats.php?year=2006[xss]&month=05&day=2  
  
  
Solution  
contact me: Advisory@Aria-Security.net  
  
`