• info
• discussion
• exploit
• solution
• references

PHP Transparent Session ID Cross Site Scripting Vulnerability

The following proof of concept URL has been made available:

http://www.example.org/index.php?PHPSESSID="><script>...</script>