info
discussion
exploit
solution
references
VegaDNS Index.PHP Cross Site Scripting Vulnerability
No exploit is required.
An example has been provided:
http://www.example.com/index.php?VDNS_Sessid=[sessid]&message=[some error msg]<iframe src="http://www.example.com">
Privacy Statement
Copyright 2010, SecurityFocus