PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.
From: meto5757@xxxxxxxxxxx
Date: 26 Sep 2006 10:47:00 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

##################################################
description :
-------------
PHP Invoice designed to automate your entire account, order, billing, ticket 
system needs. From displaying your sales content, to ordering, PHP Invoice will 
handle all your billing and authentication requirements with speed and ease.
No Matter Webmaster, Web Designer, Business Owner, Web Hosting Company or even 
Developer, All you need is PHP Invoice.

venedor :
---------
http://www.phpinvoice.com

Exploite :
----------
http://www.example.com/[path]/home.php?msg=Successfully%20updated&alert=[xss]

This may allow an attacker to steal cookie-based authentication credentials .

----------------------------
Discoverd by :
--------------
meto5757
----------------------------
Greets :
--------
Mesho & Basiony , KaRim (koko) , all my friends .
----------------------------

Prev by Date: [SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities
Next by Date: [ GLSA 200609-16 ] Tikiwiki: Arbitrary command execution
Previous by thread: [SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities
Next by thread: [ GLSA 200609-16 ] Tikiwiki: Arbitrary command execution
Index(es):
- Date
- Thread