Skip to content

Parameter not escaped #76

New issue
New issue
Open
Open
Parameter not escaped#76
@Sinkmanu

Description

@Sinkmanu
Sinkmanu
opened on Jul 6, 2016

Hello, I found a vulnerability that allow inject javascript (XSS) and HTML. This vulnerability is in ip2c.php and the parameter qText

PoC: http://localhost/.inc/ip2c.php?qText="/>HTML CODE

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions