BugTraq
[eVuln.com] url XSS in Hot Links Lite Nov 22 2010 04:02PM
bt evuln com
New eVuln Advisory:

url XSS in Hot Links Lite

http://evuln.com/vulns/142/summary.html

-----------Summary-----------

eVuln ID: EV0142

Software: Hot Links Lite

Vendor: Mrcgiguy

Version: 1.0

Critical Level: low

Type: Cross Site Scripting

Status: Unpatched. No reply from developer(s)

PoC: Available

Solution: Not available

Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )

--------Description--------

XSS vulnerability found in url parameter of process.cgi script. This can be used to insert any script code. Admin panel is vulnerable also.

--------PoC/Exploit--------

PoC code is available at http://evuln.com/vulns/142/exploit.html

---------Solution----------

Not available

----------Credit-----------

Vulnerability discovered by Aliaksandr Hartsuyeu

http://evuln.com/tool/xss-encoder.html - XSS String Encoder

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus