Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

BellaBook Admin Bypass/Remote Code Execution

BellaBiblio Admin Login Bypass

RFI ====> vBulletin v3.6.5

Dora Emlak Script v1.0 (tr) Admin Login ByPass

From:	h4ck3riran_(at)_yahoo.com <h4ck3riran_(at)_yahoo.com>
Date:	31 июля 2007 г.
Subject:	[Aria-security] itcms 0.2 Cross-site Scripting (XSS)

[Aria-Security]


# Tilte: itcms 0.2 Cross-site Scripting (XSS)
# <www.Aria-security.Com For English >
# <www.Aria-Security.net For Persian >
# < Author: You_You >
# < Software: itcms >
# < Site Script:http://sourceforge.net/projects/itcms/ >

proof Of Concept :


local/[path]/lang-en.php?wndtitle=[Xss-script]
local/[path]/menu-ed.php?wndtitle=[Xss-script]
local/[path]/titletext-ed.php?wndtitle=[Xss-script]