source: https://www.securityfocus.com/bid/13282/info
PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site.
Exploitation could allow theft of cookie-based authentication credentials or other attacks.
http://www.example.com/index.php?act=delete&dir=&file=[XSS]
http://www.example.com/index.php?act=copy&dir=&file=[XSS]
http://www.example.com/index.php?act=rename&dir=&file=[XSS]