For the DOM XSS scanned mootools script, we should go over:
https://searchcode.com/codesearch/view/76380898/
For instance, value=document.cookie.match depends on the regular expression used for matching, as string.match(regexp) will find an array of matches.
example:
var cml = document.cookie.match(/....[^;]+(\d{6});/)[1];
This matters as we have a sink: this.value= and value+=
Where the file manager code is concerned, there is more to skim over, like document.write('<script id=' etc.
This just goes to show what we all should take into consideration while going over that code security-wise.
As all code comes delivered as fit to use and not completely pentested for security flaws of sorts,
we should leave it here.
I just posted the above to describe that it is not all as easy as one might think at first,
but I have to admit very, very interesting material.
Often this may be rather rewarding for those that seek further security,
while the dark hats already have gone over all such flaws to seek their little worm-holes as well.
While on the other hand, this is diminishing these threats enormously:
https://sritest.io/#report/fddc96b0-314b-432f-a450-ece65572ba83
Full A-Status found.
polonus
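As an added illustration of the source-to-sink point in the post above (this is example code, not polonus's code nor the scanned mootools script; the cookie name cml, the six-digit value shape and the function names are assumptions), the snippet below contrasts the raw document.cookie.match pattern with a version that handles the no-match case and validates the value before it is placed into a document.write-style string:

```javascript
// Added example, not from the original post. The cookie string is passed in
// explicitly so the functions run outside a browser (no document object).

// The pattern discussed in the post, kept for contrast: String.prototype.match
// returns null when nothing matches, so `[1]` throws a TypeError, and the
// captured text goes on to a sink with no validation at all.
function unsafeCookieField(cookieStr) {
  return cookieStr.match(/[^;]+(\d{6});/)[1];
}

// Safer read: look the cookie up by name, allow-list the value's shape
// (assumed here to be exactly six digits) and return null on any miss.
function readCookieField(cookieStr, name, shape = /^\d{6}$/) {
  for (const part of cookieStr.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    let value;
    try {
      value = decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) {
      return null; // malformed percent-encoding: treat as absent
    }
    return shape.test(value) ? value : null;
  }
  return null;
}

// Escape before anything that ends up in document.write / innerHTML.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Models the document.write('<script id=...') construction from the post:
// the id only reaches the markup after validation, and is escaped regardless.
function scriptTagFor(cookieStr) {
  const id = readCookieField(cookieStr, 'cml');
  if (id === null) return null;
  return `<script id="${escapeHtml(id)}"></script>`;
}
```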