url XSS in Hot Links Lite
Summary
- Vulnerability: url XSS in Hot Links Lite
- Discovered: 2010.11.11
- Last Update: n/a
- ID: EV0142
- CVE: n/a
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched. Vendor notified. No reply from developer(s)
- Vendor: Mrcgiguy (http://www.mrcgiguy.com/)
- Vulnerable Software: Hot Links Lite
- Version: 1.0
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the Hot Links Lite script.
- url XSS in Hot Links Lite
- An XSS vulnerability exists in the url parameter of the process.cgi script. It can be used to insert arbitrary script code. The admin panel is also vulnerable.
PoC/Exploit
- url XSS vulnerability
- The url parameter is not sanitized against XSS.
- XSS Example 1
- URL: javascript:[XSS]
- XSS Example 2
- URL: "><XSS>
Solution
A solution for "url XSS in Hot Links Lite" is not available. Check the Mrcgiguy website for updates.
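
The two PoC inputs need two separate defenses: a scheme allowlist stops `javascript:` URLs, while attribute-context escaping at output stops the `">` breakout. The sketch below is an added example, not the vendor's code or a patch for process.cgi; it is written in Python for illustration, and the function names, the http/https allowlist and the `example.com` sample are assumptions.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: a link directory only needs web links


class RejectedURL(ValueError):
    """Raised when a submitted link URL must not be stored or displayed."""


def validate_link_url(raw: str) -> str:
    """Return the trimmed URL if it is an absolute http(s) URL, else raise."""
    url = raw.strip()
    # Browsers ignore tabs/newlines inside a URL, so "java\tscript:" still runs.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise RejectedURL("whitespace or control character in URL")
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:
        raise RejectedURL(f"unparsable URL: {exc}") from exc
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lowercases the scheme
        raise RejectedURL(f"scheme {parts.scheme!r} not allowed")
    if not host:
        raise RejectedURL("URL has no host")
    return url


def is_accepted(raw: str) -> bool:
    """Convenience wrapper: True if validate_link_url() accepts the input."""
    try:
        validate_link_url(raw)
        return True
    except RejectedURL:
        return False


def render_link(url: str, title: str) -> str:
    """Build the anchor tag; escaping happens at output time, in attribute context."""
    href = html.escape(validate_link_url(url), quote=True)
    return f'<a href="{href}" rel="nofollow noopener">{html.escape(title)}</a>'


if __name__ == "__main__":
    # Constructed inputs; the first two are the advisory's PoC strings verbatim.
    for sample in ['javascript:[XSS]', '"><XSS>', 'http://example.com/"><XSS>']:
        print(repr(sample), "->", render_link(sample, "demo") if is_accepted(sample) else "rejected")
```

Using the same output routine wherever stored URLs are displayed, the admin panel included, also covers entries saved before validation was in place.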