Hello,

I'm contacting you to notify you that I have found two XSS exploits in Browse.pm of BackupPC 3.2.0. The file "Browse.pm" attached to this email has been patched against this attack. Here is a PoC:

http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=1[XSS] <comes back as a valid request and runs XSS

and

http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=[XSS] <comes back as ERROR and runs XSS

I know they look alike, but they are two separate XSS exploits, due to one being an error page and the other a valid request.

Thank you for your time.
-Adam.E
Browse.pm
Description: Perl program
_______________________________________________
BackupPC-devel mailing list
BackupPC-devel@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-devel
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
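
Added example, not part of the message above and not the attached Browse.pm patch or any BackupPC code: a Perl sketch of closing both reflection paths the report describes, by strictly validating `num` on the success path and escaping it on the error path. The names `html_escape`, `parse_backup_num` and `render_browse`, the handler structure and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; hypothetical handler, not BackupPC's Browse.pm.
use strict;
use warnings;

# Minimal HTML escaper for text and quoted-attribute contexts.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Accept only a plain non-negative integer. A numeric comparison alone is not
# enough: Perl evaluates "1<b>" == 1 as true, so a digit-prefixed value can
# pass a lookup while the raw string still carries markup.
sub parse_backup_num {
    my ($raw) = @_;
    return undef unless defined $raw && $raw =~ /\A[0-9]{1,9}\z/;
    return $raw + 0;
}

# Hypothetical handler: returns the HTML fragment for either outcome.
sub render_browse {
    my ($raw_num, $known) = @_;    # $known: hashref of existing backup numbers
    my $num = parse_backup_num($raw_num);
    if (!defined $num || !$known->{$num}) {
        # Error path: echo the rejected value only after escaping.
        return 'Error: invalid backup number "' . html_escape($raw_num) . '"';
    }
    # Success path: emit the validated integer, never the raw parameter.
    return "Browsing backup #$num";
}

# Constructed inputs mirroring the two reported shapes, with inert markup.
my %known = (1 => 1);
for my $in ('1', '1<b>x</b>', '<b>x</b>') {
    print render_browse($in, \%known), "\n";
}
```

With this structure a digit-prefixed value is rejected instead of being treated as backup 1, and the error page shows the rejected value as text rather than markup.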