Foojan PHP Weblog Information Disclosure - Referer HTML Injection


 



Vendor : http://foojan.soltoononline.com
A complete Persian PHP Weblog (WMS)


Example Information Disclosure:
http://[target]/[foojan]/adminmodules/daylinks/index.php
http://[target]/[foojan]/index.php?daylinkspage=-1


Referer HTML Injection

Where : in gmain.php

$Weblog-> query ("INSERT INTO `visits` ( `id` , `ip` , `refferer` , `date` , `time` ) 
VALUES (
'', '".$_SERVER['HTTP_USER_AGENT']."', '".$_SERVER['HTTP_REFERER']."', '$num', '$num2'
);");

An attacker can therefore inject HTML code into the refferer field through the HTTP Referer header, and it will be executed in index.php and admin.php.
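
A hardened form of the visit logging shown above, as an added example that is not Foojan's own code: the INSERT uses bound parameters, and the stored value is HTML-encoded when it is displayed. It assumes a PDO connection (an in-memory SQLite database stands in for the weblog's database); the function names, the date/time formats and the sample request are constructed for illustration.

```php
<?php
// Added example, not Foojan code. Assumes PDO; in-memory SQLite stands in
// for the weblog database, with the column names from the query above.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE visits (id INTEGER PRIMARY KEY, ip TEXT,
            refferer TEXT, date TEXT, time TEXT)');

// Request headers are client-controlled: drop control characters, cap length.
function clean_header(?string $value): string
{
    $stripped = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $value ?? '');
    return substr($stripped, 0, 512);
}

// Storage side: bound parameters keep header text out of the SQL string.
function record_visit(PDO $pdo, array $server): void
{
    $stmt = $pdo->prepare('INSERT INTO visits (ip, refferer, date, time)
                           VALUES (:ip, :ref, :d, :t)');
    $stmt->execute([
        // Same column mapping as the query quoted on the page.
        ':ip'  => clean_header($server['HTTP_USER_AGENT'] ?? null),
        ':ref' => clean_header($server['HTTP_REFERER'] ?? null),
        ':d'   => date('Y-m-d'),   // assumed format for $num
        ':t'   => date('H:i:s'),   // assumed format for $num2
    ]);
}

// Display side: encode on output so stored markup is rendered as text.
function render_referers(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT refferer FROM visits ORDER BY id') as $row) {
        $html .= '<li>' . htmlspecialchars($row['refferer'],
                 ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</li>\n";
    }
    return $html;
}

// Constructed request: a Referer carrying markup and quote characters.
record_visit($pdo, [
    'HTTP_USER_AGENT' => 'ExampleAgent/1.0',
    'HTTP_REFERER'    => 'http://example.test/<b>bold</b>\'"',
]);
echo render_referers($pdo);
```

The output encoding is the part that addresses the injection described here; it has to be applied wherever index.php and admin.php print the stored value.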
