InverseFlow 2.4 Cross Site Scripting

2011-10-24T00:00:00
ID PACKETSTORM:106153
Type packetstorm
Reporter Amir Expl0its
Modified 2011-10-24T00:00:00

Description

                                        
                                            `# Exploit Title: InverseFlow v2.4 [XSS Vulnerabilities]  
# Date: [Mon Nov 07 2011]  
# Author: Amir Expl0its   
# We Are : Expl0its , Higher_sense , Black.spook & H4ckcity.net - zone-hc.com  
# Software Link: [ http://asria.info/download/script/inverseflow.zip ]  
# Version: [ InverseFlow v2.4 ]  
  
  
Vulnerable Page:  
  
ticketview.php?email=  
ticketview.php?email=&id=  
login.php  
  
  
  
Exploit:  
  
http://127.0.0.1/inver/inverseflow/ticketview.php?email= [XSS]  
http://127.0.0.1/inver/inverseflow/ticketview.php?email=&id=[XSS]  
http://127.0.0.1/inver/inverseflow/login.php?redirect=[XSS]  
`