ParticleSoft Wiki v1.0.2
Effected files:
input boxes on editing pages:
XSS Proof of concept:
We notice br tags are allowed, so by using a STYLE attribute using a comment to
break up expression we can create a XSS vuln:
Put the following in when editing a page:
<br IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
Thanks to Rsnake & Roman Ivanov for the above xss example code.
