Hi People of PacketStormSecurity ! I want to report a XSS & RFI Vulnerability in WedEditor. +========================================================================+ + WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities + +========================================================================+ Author(s): Ivan Sanchez & Maximiliano Soler Product: Namo WebEditor Web: http://www.namo.com/products/webeditor.php Versions: 1.0.4 (or less). Date: 21/01/2008 GOOGLE DORKS: ------------ [+] inurl:"webeditor.php" intext:"login" EXPLOIT: -------- For example...after the variable "id" http://www.[DOMAIN].tld/webeditor.php?id=[XSS or RFI] NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs! +========================================================================+ + WebEditor <= 1.0.4 XSS & RFI Multiple Remote Vulnerabilities + +========================================================================+ -- Maximiliano Soler. Reports & Review Code. Null Code Services. www.nullcode.com.ar ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.