https://www.cacert.org/account.php?id=42 POST[email] XSS
This is part of a code audit on cacert sources. Francesco 'ascii' Ongaro - www.ush.it
HTML POC 1
>>> POST XSS and external source load POC <<<
Fast check
ND, I don't have the required access level and I'm
too lazy to set up a test environment : )
Vulnerable code
./pages/account/42.php
Summary
- POST XSS
- magic_quotes_gpc ON
- affected by user role (only when logged in with the right permissions)