PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.

---

• From: meto5757@xxxxxxxxxxx
• Date: 26 Sep 2006 10:47:00 -0000

---

##################################################
description :
-------------
PHP Invoice designed to automate your entire account, order, billing, ticket system needs. From displaying your sales content, to ordering, PHP Invoice will handle all your billing and authentication requirements with speed and ease.
No Matter Webmaster, Web Designer, Business Owner, Web Hosting Company or even Developer, All you need is PHP Invoice.

venedor :
---------
http://www.phpinvoice.com

Exploite :
----------
http://www.example.com/[path]/home.php?msg=Successfully%20updated&alert=[xss]

This may allow an attacker to steal cookie-based authentication credentials .

----------------------------
Discoverd by :
--------------
meto5757
----------------------------
Greets :
--------
Mesho & Basiony , KaRim (koko) , all my friends .
----------------------------

---

• Prev by Date: [SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities
• Next by Date: [Whitepaper] - Access over Ethernet: Insecurities in AoE
• Previous by thread: [SECURITY] [DSA 1184-2] New Linux 2.6.8 packages fix several vulnerabilities
• Next by thread: [Whitepaper] - Access over Ethernet: Insecurities in AoE
• Index(es):
  • Date
  • Thread

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)