Entries Tagged with ‘rad user manager’

Rad User Manager XSS Vulnerabilities

May 1, 2010 en XSS by
, , , , , , , 0 Comments

View the txt advisory/exploit here. >> #1 Vulnerability Type = XSS Almost every parameter accepting user input is vulnerable. Examples: members/login.php?username=[XSS] members/signup.php?username=[XSS] admin/userdetails.php?userId=[XSS] >> Additional Information When being installed, the Rad User Manager creates two accounts with default passwords: Login: “admin” Password: “radmin” Login: “user” Password: “radmin”

(Continue reading…)