################################################
Panda ActiveScan XSS vulnerability
Vendor URL: http://www.pandasoftware.es or .com
Advisory: http://lostmon.blogspot.com/2006/08/panda-activescan-xss-vulnerability.html
Vendor notified: yes  Exploit available: yes
OSVDB ID:29147
Securitytracker:1016696
BID:19471
################################################
Panda ActiveScan contains a flaw that allows a remote cross-site
scripting attack. The flaw exists because the application does
not validate the 'email' variable upon submission to the ascan_6.asp
script. This could allow a user to create a specially crafted URL
that would execute arbitrary code in a user's browser within the
trust relationship between the browser and the server, leading
to a loss of integrity.
##########
versions:
##########
Panda ActiveScan 5.53.00
##########
Solution:
##########
Panda released a new version of ActiveScan
on 14-08-2006.
#########
timeline:
#########
discovered : 01-08-2006
vendor notify :05-08-2006
vendor response :14-08-2006
vendor fix:14-08-2006
disclosure:9-08-2005
################
test
################
http://www.pandasoftware.com/activescan/activescan/
ascan_6.asp?IdLang=2&Idvendor=17490&Idpais=63&email=
Lostmon@gmail.com%22%3E%3Cscript%3Ealert%28%27XSS%20
Vulnerability%27%29%3C/script%3E%26&pais=62&
provincia=9&tipousuario=0&enviar=1&ode=0#
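
The missing check on 'email', shown beside a validated and encoded version. This is an added example, not code from Panda or from the original advisory; the HTML template, the function names and the e-mail pattern are assumptions, and the query string is the one from the test URL above.

```python
import html
import re
from urllib.parse import parse_qs

# Query string taken from the advisory's test URL (host and path omitted).
TEST_QUERY = ("IdLang=2&Idvendor=17490&Idpais=63&email="
              "Lostmon@gmail.com%22%3E%3Cscript%3Ealert%28%27XSS%20"
              "Vulnerability%27%29%3C/script%3E%26&pais=62&"
              "provincia=9&tipousuario=0&enviar=1&ode=0")

# Strict allow-list for an e-mail address (assumption: the form only needs
# ordinary addresses, so quotes, angle brackets and spaces are rejected).
EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}")

# Hypothetical template: the real ascan_6.asp markup is not shown in the advisory.
TEMPLATE = '<input type="text" name="email" value="%s">'


def get_param(query, name):
    """Return the first URL-decoded value of a query parameter, or ''."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(query):
    """Reflect 'email' unchanged: the behaviour the advisory describes."""
    return TEMPLATE % get_param(query, "email")


def render_hardened(query):
    """Validate on input and HTML-encode on output; bad values are dropped."""
    email = get_param(query, "email")
    if not EMAIL_RE.fullmatch(email):
        email = ""  # reject instead of trying to repair the value
    return TEMPLATE % html.escape(email, quote=True)


if __name__ == "__main__":
    print(render_vulnerable(TEST_QUERY))  # markup from the URL reaches the page
    print(render_hardened(TEST_QUERY))    # value rejected, empty field rendered
```

Either control alone stops this test case; using both keeps the page safe if the validation pattern is later loosened.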
######################## €nd #####################
Thanks to Estrella for being my light.
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what makes the mind move....