Vulnerability discovery and development:
This vulnerability was discovered during an application assessment. Further research was then carried out after the assessment. The vendor has been notified.
Credit for Discovery:
Tim Brown of Portcullis Computer Security Ltd.
All known versions of P-Synch.
It is possible to pass a remote URL for a style sheet to the P-Synch Windows domain password reset web application in the style parameter. The web pages returned will then reference that remote style sheet.
Exploit code is not required.
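Detection example (added here, not part of the original advisory and not vendor code): the following Python scans web server access logs for requests whose style parameter carries an absolute or protocol-relative URL. The log lines, the request path /reset and the host names are constructed placeholders; only the parameter name style comes from the advisory.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines. The request path and hosts are placeholders;
# only the parameter name "style" comes from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /reset?style=default.css HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /reset?style=http://css.example.net/x.css HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2024:10:00:09 +0000] "GET /reset?lang=en&style=%2F%2Fcss.example.net%2Fx.css HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:12 +0000] "GET /reset?style=themes/blue.css HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_remote_style(value):
    """Return True if the value could make a browser load CSS from another host."""
    # Decode once more (conservative, catches double encoding) and treat
    # backslashes as slashes, as browsers do in URLs.
    v = unquote(value).strip().replace("\\", "/")
    if v.startswith("//"):           # protocol-relative URL
        return True
    return bool(urlsplit(v).scheme)  # http:, https:, ftp:, data:, ...


def find_remote_style_requests(lines):
    """Return (client, style value) for each request with a remote style URL."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query).get("style", []):
            if is_remote_style(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for client, value in find_remote_style_requests(SAMPLE_LOG):
        print(f"{client} supplied remote style sheet: {value}")
```

Values submitted in POST bodies do not appear in access logs, so the same is_remote_style check is better applied where the application or a filtering proxy reads the parameter.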