9 lines
No EOL
616 B
Text
9 lines
No EOL
616 B
Text
source: https://www.securityfocus.com/bid/13282/info
|
|
|
|
PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site.
|
|
|
|
Exploitation could allow theft of cookie-based authentication credentials or other attacks.
|
|
|
|
http://www.example.com/index.php?act=delete&dir=&file=[XSS]
|
|
http://www.example.com/index.php?act=copy&dir=&file=[XSS]
|
|
http://www.example.com/index.php?act=rename&dir=&file=[XSS] |