Hot Links Lite 1.0 Cross Site Scripting

2010-11-23T00:00:00
ID PACKETSTORM:96072
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2010-11-23T00:00:00

Description

                                        
`New eVuln Advisory:
sitename XSS in Hot Links Lite  
Summary: http://evuln.com/vulns/143/summary.html   
Details: http://evuln.com/vulns/143/description.html   
  
-----------Summary-----------  
eVuln ID: EV0143  
Software: Hot Links Lite  
Vendor: Mrcgiguy  
Version: 1.0  
Critical Level: low  
Type: Cross Site Scripting  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
An XSS vulnerability was found in the sitename parameter of the process.cgi script.
It can be used to insert arbitrary HTML or script code.
The admin panel is also vulnerable.
--------PoC/Exploit--------  
sitename XSS vulnerability  
The sitename parameter is not sanitized for XSS.
  
XSS Example  
sitename: <XSS>  
---------Solution----------  
Not available  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
`
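Since the advisory lists no fix, the following added example (not from the advisory or the vendor) sketches the usual mitigation for an unsanitized field such as sitename: normalise it on input and HTML-encode it on every output, in both the public listing and the admin panel. It is written in Python for illustration rather than in the script's own language; the function names, the 80-character limit and the admin form field are assumptions.

```python
import html
import unicodedata

MAX_SITENAME_LEN = 80  # assumed limit; the advisory does not state one


def clean_sitename(raw: str) -> str:
    """Input side: normalise the submitted value before it is stored."""
    text = unicodedata.normalize("NFKC", raw)
    # Replace control/format characters (NUL, CR/LF, bidi overrides) with spaces.
    text = "".join(" " if unicodedata.category(ch) in ("Cc", "Cf") else ch
                   for ch in text)
    text = " ".join(text.split())  # collapse runs of whitespace
    if not text or len(text) > MAX_SITENAME_LEN:
        raise ValueError("sitename must be 1..%d characters" % MAX_SITENAME_LEN)
    return text


def encode_html(value: str) -> str:
    """Output side: encode & < > " ' so the value stays inert markup-wise."""
    return html.escape(value, quote=True)


def render_listing_row(sitename: str) -> str:
    """Public page (hypothetical markup): sitename in an element body."""
    return "<li>" + encode_html(sitename) + "</li>"


def render_admin_field(sitename: str) -> str:
    """Admin panel (hypothetical markup): sitename in a quoted attribute."""
    return ('<input type="text" name="sitename" value="'
            + encode_html(sitename) + '">')


if __name__ == "__main__":
    # First value is the advisory's example; the second is constructed.
    for raw in ["<XSS>", 'Bob\'s "Best" Links']:
        stored = clean_sitename(raw)
        print(render_listing_row(stored))
        print(render_admin_field(stored))
```

Encoding at output is what closes the hole; the input-side cleanup only keeps stored data tidy and must not be relied on alone, since the admin panel renders the same stored value.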