PHPX Multiple Vulnerabilities

There is no exploit required for these issues. The following cross-site scripting examples were provided:

main.inc.php?keywords='><script>alert(document.cookie)</script>
help.inc.php?body='><script>alert(document.cookie)</script>

The following proof of concept has been provided by Ryan Wray for the insecure session id issue:


 

Privacy Statement
Copyright 2010, SecurityFocus