
iFlance v1.1






iFlance
Homepage:
http://www.ifusionservices.co.uk/

Description:
iFlance is a powerful freelance script that allows anyone to run their very own professional, profitable freelancing website.

Affected files:
acc_verify.php
project.php
all input boxes

XSS by URL injection in acc_verify.php

We put "> before and <" after the script tags to close the input box tags in the form box.

http://www.example.com/account/acc_verify.php?vk="><"&verify=verify

Another XSS attack is possible if you put this in the login box as username and password:

project.php is vulnerable too due to the input boxes on it for posting a new project.
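
The issue described for acc_verify.php is a request value echoed unencoded into an input box's value attribute. The following is an added example, not iFlance source code, showing that pattern beside an attribute-encoded version; the function names, the sample inputs and the hex key format are assumptions made for illustration.

```php
<?php
// Added example: hypothetical stand-in for a form that echoes ?vk= back
// into an input box. None of this is iFlance source code.

// Vulnerable pattern: the raw value lands inside value="...", so a leading
// "> ends the attribute and the tag, and whatever follows is parsed as markup.
function render_unsafe(string $vk): string
{
    return '<input type="text" name="vk" value="' . $vk . '">';
}

// Hardened pattern: encode for the HTML attribute context. With ENT_QUOTES
// the characters & < > " ' all become entities, so the value cannot close
// the attribute or the tag.
function render_safe(string $vk): string
{
    $encoded = htmlspecialchars($vk, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="vk" value="' . $encoded . '">';
}

// Defence in depth: reject anything that is not shaped like a key before it
// reaches a template. The format (16-64 hex characters) is an assumption.
function is_valid_key(string $vk): bool
{
    return preg_match('/\A[0-9a-f]{16,64}\z/i', $vk) === 1;
}

// Constructed inputs: one well-formed key and one harmless markup probe.
$samples = [
    'a3f09c1b7d2e4f60a3f09c1b7d2e4f60',
    '"><i>probe</i><"',
];

foreach ($samples as $vk) {
    echo 'input  : ', $vk, PHP_EOL;
    echo 'valid  : ', is_valid_key($vk) ? 'yes' : 'no', PHP_EOL;
    echo 'unsafe : ', render_unsafe($vk), PHP_EOL;
    echo 'safe   : ', render_safe($vk), PHP_EOL, PHP_EOL;
}
```

The same encoding applies to every value written back into the login form and the project.php input boxes.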
