Hi Adam,

Thanks for the report.

I'm not really familiar with XSS attacks, but would a regex check (/^[0-9]+$/) on the backup number (num) be enough to stop these attacks?

Cheers,
GFK's

On 2011-01-18 15:11, AA AA wrote:
Hello,

I'm contacting you to notify you that I have found two XSS exploits in Browse.pm of BackupPC 3.2.0. The file "Browse.pm" attached to this email has been patched against this attack. Here is a PoC:

http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=1[XSS] <comes back as a valid request and runs XSS

and

http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=[XSS] <comes back as ERROR and runs XSS

I know they look alike, but they are two separate XSS exploits, due to one being an error page and the other a valid request. Thank you for your time.
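
One way to implement the digit check asked about in the reply so that it covers both paths from the report, the valid request and the error page. This is an added example, not BackupPC's code or the patched Browse.pm: `parse_backup_num`, `html_escape` and `browse_response` are hypothetical names, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example, not BackupPC code: all three helpers are hypothetical.
use strict;
use warnings;

# Accept only a run of ASCII digits. \A and \z anchor to the true start and
# end of the string; with /^[0-9]+$/ the "$" also matches just before a
# trailing newline, so "1\n" would pass.
sub parse_backup_num {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\A[0-9]+\z/;
    return $raw;
}

# Encode the HTML-significant characters before echoing any value.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Both paths from the report: the valid page and the error page.
sub browse_response {
    my ($raw) = @_;
    my $num = parse_backup_num($raw);
    if (!defined $num) {
        # Error path: the rejected value is still echoed back, so the
        # regex alone does not help here; the output must be escaped.
        return "Error: invalid backup number '" . html_escape($raw // '') . "'";
    }
    return "Browsing backup #$num";    # digits only after validation
}

# Constructed sample inputs (a harmless marker tag, not from the report).
for my $raw ('12', '1<b>x</b>', '<b>x</b>', "1\n", '') {
    (my $shown = $raw) =~ s/\n/\\n/g;
    printf "%-12s => %s\n", "[$shown]", browse_response($raw);
}
```

Only `12` reaches the browse path; every other input lands on the error path with its markup encoded as `&lt;b&gt;...`.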