[eVuln.com] url XSS in Hot Links Lite

2010-11-24T00:00:00
ID SECURITYVULNS:DOC:25168
Type securityvulns
Reporter Securityvulns
Modified 2010-11-24T00:00:00

Description

New eVuln Advisory: url XSS in Hot Links Lite http://evuln.com/vulns/142/summary.html

-----------Summary----------- eVuln ID: EV0142 Software: Hot Links Lite Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripting Status: Unpatched. No reply from developer(s) PoC: Available Solution: Not available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- XSS vulnerability found in url parameter of process.cgi script. This can be used to insert any script code. Admin panel is vulnerable also. --------PoC/Exploit-------- PoC code is available at http://evuln.com/vulns/142/exploit.html ---------Solution---------- Not available ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/tool/xss-encoder.html - XSS String Encoder