GetSimpleCMS / GetSimpleCMS

GetSimple CMS
http://get-simple.info
GNU General Public License v3.0

Numerous Cross Site Scripting Vulnerabilities #914

Closed 0xshyam closed 10 years ago

0xshyam commented 10 years ago

Hi,

It is observed that the application is not sanitizing the user-supplied input (URI) before reflecting it in the response. When an attacker tries to inject XSS payloads via the URI, he/she is greeted with the following error: "PHP_SELF mismatch PATH(URI)"

So my payload will be something like this: GetSimpleCMS-master/index.php/XSS_PAYLOAD

Note: This scenario is observed throughout the application.

tablatronix commented 10 years ago

This is in the development branch and was intended as such. This is a fatal catch for testing issues with #462.
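
An added example, not part of the issue thread and not GetSimple CMS code: the reflection pattern the report describes (a request-derived path echoed inside the "PHP_SELF mismatch" message) beside an output-encoded version. The function names, the way the mismatch is detected, and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; not GetSimple CMS source. All function names are hypothetical.

// Unsafe pattern: request-derived values are concatenated into HTML output as-is.
function mismatch_message_unsafe(string $phpSelf, string $uri): string
{
    return "PHP_SELF mismatch " . $phpSelf . "(" . $uri . ")";
}

// Hardened: encode every request-derived value for the HTML context it lands in.
function mismatch_message_safe(string $phpSelf, string $uri): string
{
    $enc = static fn(string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "PHP_SELF mismatch " . $enc($phpSelf) . "(" . $enc($uri) . ")";
}

// Assumed check: PHP_SELF carries trailing path info after the script name
// (index.php/extra), so it no longer equals SCRIPT_NAME.
function has_path_info(string $phpSelf, string $scriptName): bool
{
    return $phpSelf !== $scriptName;
}

// Constructed sample values standing in for $_SERVER entries; the markup is
// a harmless marker used only to show whether it survives encoding.
$scriptName = '/GetSimpleCMS-master/index.php';
$phpSelf    = '/GetSimpleCMS-master/index.php/<b>marker</b>';
$uri        = '/GetSimpleCMS-master/index.php/%3Cb%3Emarker%3C/b%3E';

if (has_path_info($phpSelf, $scriptName)) {
    echo mismatch_message_unsafe($phpSelf, $uri), PHP_EOL; // markup passes through
    echo mismatch_message_safe($phpSelf, $uri), PHP_EOL;   // markup is entity-encoded
}
```

Encoding at the point of output keeps a diagnostic message like this usable for debugging while preventing the browser from interpreting the reflected path as markup.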