This vulnerability do not need to login.digest.php use the REQUEST method in a wrong way to accept parameters，the malicious user could submit xss code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

exp:

http://tes...

[ more ]