InverseFlow version 2.4 suffers from multiple cross-site scripting vulnerabilities.
# Exploit Title: InverseFlow v2.4 [XSS Vulnerabilities]
# Date: [Mon Nov 07 2011]
# Author: Amir Expl0its
# We Are : Expl0its , Higher_sense , Black.spook & H4ckcity.net - zone-hc.com
# Software Link: [ http://asria.info/download/script/inverseflow.zip ]
# Version: [ InverseFlow v2.4 ]
Vulnerable Page:
ticketview.php?email=
ticketview.php?email=&id=
login.php
Exploit:
http://127.0.0.1/inver/inverseflow/ticketview.php?email=[XSS]
http://127.0.0.1/inver/inverseflow/ticketview.php?email=&id=[XSS]
http://127.0.0.1/inver/inverseflow/login.php?redirect=[XSS]
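
Detection: an administrator running this version can review web server access logs for requests that place markup in the three parameters listed above. The script below is an added example, not part of the original advisory; the combined log format, the constructed sample entries and the matching heuristics (HTML metacharacters, script-capable URL schemes in redirect) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> query parameters named in the advisory above.
WATCHED = {"ticketview.php": ("email", "id"), "login.php": ("redirect",)}
# Characters needed to leave HTML text or an attribute value (an apostrophe
# in a legitimate address also matches, so hits need review).
MARKUP = re.compile(r"[<>\"']")
# Script-capable URL schemes, checked only for the redirect parameter.
SCHEME = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.I)
# Request line of a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return sorted (param, decoded_value) pairs that look like injection attempts."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    hits = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in WATCHED.get(script, ()):
            continue
        for value in values:
            if MARKUP.search(value) or (name == "redirect" and SCHEME.search(value)):
                hits.append((name, value))
    return sorted(hits)

def scan(log_lines):
    """Yield (line_number, param, decoded_value) for each flagged request."""
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if m:
            for name, value in suspicious_params(m.group(1)):
                yield n, name, value

# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2011:10:00:01 +0000] "GET /inverseflow/ticketview.php?email=user%40example.com&id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [07/Nov/2011:10:02:17 +0000] "GET /inverseflow/ticketview.php?email=%22%3E%3Cb%3Eprobe%3C/b%3E&id=12 HTTP/1.1" 200 5188',
    '192.0.2.44 - - [07/Nov/2011:10:02:30 +0000] "GET /inverseflow/login.php?redirect=JavaScript%3Avoid(0) HTTP/1.1" 200 2301',
    '192.0.2.10 - - [07/Nov/2011:10:05:00 +0000] "GET /inverseflow/login.php?redirect=index.php HTTP/1.1" 200 2290',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```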