easyAdmin2Pro Cross Site Scripting

easyAdmin2Pro Cross Site Scripting: Posted Jan 11, 2010; Authored by lossless | Site secworm.net; easyAdmin2Pro suffers from a cross site scripting vulnerability.; tags | advisory, xss; SHA-256 | ba74bafb4196e0b1a769cca4fedf7fec8e5ee97f9da06d6b0be472c2e6ab6ab4; Download | Favorite | View

easyAdmin2Pro Cross Site Scripting

SecWorm.net - Advisory
http://SecWorm.net/

XSS vulnerability on easyAdmin2Pro
----------------------------------------------------------------------------------
1. Advisory Information:
----------------------------------------------------------------------------------
Title:- XSS vulnerability on easyAdmin2Pro
Advisory ID:- SecWorm_Network_2010-1
Advisory URL:- http://secworm.net/showthread.php?thread-119.html

----------------------------------------------------------------------------------
2. Vulnerability Information:
----------------------------------------------------------------------------------
Class:- Cross Site Scripting Injection
Remotely Exploitable:- yes
Locally Exploitable:- yes

----------------------------------------------------------------------------------
3. Vulnerability Description:
----------------------------------------------------------------------------------
The login form on easyAdmin2Pro is vulnerable to XSS injections.  Login
page: http://www.site.com/easyadmin/index.php .  The email field on this
page is not sanitized, so a user can put any script in here that they want.

----------------------------------------------------------------------------------
4. POC [Proof of Concept]:
----------------------------------------------------------------------------------
http://img69.imageshack.us/img69/9964/easyadminpoc.jpg

----------------------------------------------------------------------------------
5. Credits:
----------------------------------------------------------------------------------
Discovered by lossless from SecWorm Network

----------------------------------------------------------------------------------
6. Report Timeline:
----------------------------------------------------------------------------------
1/09/10 - lossless discovers vulnerability and notifies authors.
Further contact pending.


----------------------------------------------------------------------------------
7. About SecWorm Network:
----------------------------------------------------------------------------------
SecWorm Network is a group of Security Researchers & Ethical hackers with
the motto of security awareness and helping others to secure themselves.
Everyone can reach to us at http://www.SecWorm.net/


----------------------------------------------------------------------------------
8. Disclaimer & Copyright:
----------------------------------------------------------------------------------
The contents of this advisory are copyright © 2009 SecWorm Network, and may
be distributed freely provided that and proper credit is given.

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

easyAdmin2Pro Cross Site Scripting

easyAdmin2Pro Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

easyAdmin2Pro Cross Site Scripting

Share This

easyAdmin2Pro Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems