https://www.cacert.org/account.php?id=48 POST[domain] XSS

This is part of a code audit on cacert sources. Francesco 'ascii' Ongaro - www.ush.it

HTML POC 1

>>> POST XSS and external source load POC <<<
I'm a gateway page, as used in post xss attacks. Click send to trigger the event.

Fast check

ND, i don't have the required access level and i'm too lazy to setup a test enviroment : )

Vulnerable code

./pages/account/48.php

Summary

- POST XSS - magic quotes gpc ON - affected by user role (only logged in with right permissions)