http://www.snkenjoi.com/secadv/secadv7.txt

sNKenjoi's Security Advisory: XSS Vunerabilities in proFile


Security Advisory: XSS Vunerabilities in proFile
Severity: Medium
Title: XSS Vunerabilities in proFile

Vendor: PHPLabs
Vendor Website: http://phplabs.com/

Proof of Concept Exploits: 

XSS
http://localhost/index.php?act=load&dir=[XSS]
http://localhost/index.php?act=delete&dir=&file=[XSS]
http://localhost/index.php?act=copy&dir=&file=[XSS]
http://localhost/index.php?act=rename&dir=&file=[XSS]

snkenjoi.com & zone-h.org
snkenjoi@gmail.com