by r0t,der4444,cembo,VietMafia

Thursday, December 01, 2005

QualityPPC XSS vuln.

Vuln. discovered by: r0t
Date: 1 Dec. 2005
Vendor: http://www.qualityebiz.com/main/qppc.php
Affected version: 1553 and prior

Product Description:
QualityPPC has the latest technology which offers you more potentials to generate revenue. All future upgrades are free and continue. Current Features, 35+ Pre-installed XML feed, Country filter for local/xml traffic, listing by indexing or rotation, multiple member type for your affiliate, Support PayPal, Egold, and MoneyBooker, Online Elite proxy finder, and many option setting which can be flexibly fit to your business preferences. You get everything at a reasonable price.


Vuln. Description:
Input passed to the parameters in the search module isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.
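
What "properly sanitised" means for a search page that echoes its query back, shown as an added example and not QualityPPC source code: the parameter name `q`, the markup and the helper names are assumptions, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example: hypothetical search page, not QualityPPC source code.
// The parameter name "q" and the page markup are assumptions.

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Input validation: string only, valid UTF-8, no control characters, bounded length. */
function clean_term($raw, int $maxLen = 100): string
{
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        return '';  // arrays (q[]=...) and malformed byte sequences are rejected
    }
    $term = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '';
    return mb_substr(trim($term), 0, $maxLen, 'UTF-8');
}

/** Before: the term is returned to the browser exactly as received. */
function render_unsafe(string $term): string
{
    return '<p>Results for: ' . $term . '</p>';
}

/** After: each sink gets the encoding that matches its output context. */
function render_safe(string $term): string
{
    $next = '?q=' . rawurlencode($term) . '&page=2';    // URL component context
    return '<p>Results for: ' . h($term) . '</p>'       // HTML text context
         . '<input name="q" value="' . h($term) . '">'  // quoted attribute context
         . '<a href="' . h($next) . '">Next page</a>';  // URL first, then attribute
}

// Constructed input containing markup characters, standing in for $_GET['q'].
$sample = '"><b>bold</b>';
$term   = clean_term($sample);

echo render_unsafe($term), "\n";  // the <b> element becomes part of the page
echo render_safe($term), "\n";    // the same characters are shown as literal text
```

The output encoding in `render_safe` is what closes the hole; `clean_term` only narrows what reaches the page and does not replace encoding at each sink.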

Copyright (c) 2006 Pridels Sec Crew