A reflected xss flaw exists in the w3-msql error page.
google dork : "W3-mSQL Error! - Can't stat script file (/" Just insert a script from the start of / like if u get a URL like:- http://localhost/cgi-bin/w3-msql/journal/ijcd/index.html and the error page output as :- W3-mSQL Error! - Can't stat script file (/journal/ijcd/index.html) u can try this:- A reflected xss flaw exists in the w3-msql error page. google dork : "W3-mSQL Error! - Can't stat script file (/" Just insert a script from the start of / like if u get a URL like:- http://localhost/cgi-bin/w3-msql/<script>alert('xss')</script> to confirm the issue
