sNKenjoi's Security Advisory: XSS Vulnerabilities in Multiple CityPost Software


Security Advisory: XSS Vulnerabilities in Multiple CityPost Software
Severity: Medium
Title: XSS Vulnerabilities in Simple PHP Upload, Simple Image Editor
and Automated Link Exchange


Vendor: Allen Kim
Vendor Website: http://tech.citypost.ca/

Proof of Concept Exploits: 

Simple PHP Upload - XSS
http://localhost/simple-upload-53.php?message=[XSS]

Simple Image Editor - XSS in 5 separate places
http://localhost/image-editor-52/?m1=[XSS]&m2=[XSS]&m3=[XSS]&imgsrc=[XSS]&m4=[XSS]

Automated Link Exchange - XSS
http://localhost/lnkx/message.php?msg=[XSS]

snkenjoi.com & zone-h.org
snkenjoi@gmail.com
-- 
snkenjoi.com
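
For defenders who run any of these scripts, the following added example (not part of the original advisory and not the vendor's code) scans web access logs for requests that place markup in the endpoints and parameters listed above. The log format, the character heuristic and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Path fragment -> parameters the advisory lists as injectable.
WATCHED = {
    "/simple-upload-53.php": {"message"},
    "/image-editor-52/": {"m1", "m2", "m3", "m4", "imgsrc"},
    "/lnkx/message.php": {"msg"},
}
# Assumed heuristic: characters that can break out of HTML text or an
# attribute, plus a script URL scheme (relevant to imgsrc).
SUSPICIOUS = re.compile(r'[<>"]|javascript:', re.I)
# Request line as written in common/combined access log format (assumed).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return [(param, decoded_value)] for watched parameters carrying markup."""
    parts = urlsplit(target)
    watched = next((p for frag, p in WATCHED.items() if frag in parts.path), None)
    if watched is None:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)  # parse_qsl decoded once; catch double encoding
        if name in watched and SUSPICIOUS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Return [(line_number, hits)] for log lines that hit a watched parameter."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            found.append((number, hits))
    return found


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /simple-upload-53.php?message=Upload+complete HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /image-editor-52/?m1=ok&imgsrc=%22%3E%3Cb%3Ex HTTP/1.1" 200 900',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /lnkx/message.php?msg=%253Cb%253Ehi%253C%252Fb%253E HTTP/1.1" 200 300',
    '203.0.113.7 - - [01/Jan/2024:10:03:00 +0000] "GET /about.php?message=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

A hit shows that a listed parameter was probed, not that a victim's browser ran anything. The application-side fix is to HTML-encode these parameters before echoing them.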