#Exploit Title 		: JohnCMS 5.1 Persistent XSS Vulnerability
#Author 		: DevilScreaM
#Date   		: 08/09/2013
#Category		: Web Applications 
#Vendor                 : http://johncms.com/
#Product Link           : http://johncms.com/download/?cat=481
#Version 		: 1.0 - 5.1

#Dork   	
intext:Powered by JohnCMS

#Vulnerability  	: Persistent XSS Vulnerability
#Tested On 		: Windows 7 32 Bit, Windows XP (Mozilla & Chrome)
#Greetz                 : Newbie-Security.or.id


Persistent XSS Vulnerability

1. Register on the site at http://site/registration.php

2. After registering, go to the Forum (http://site/forum/)

3. Select a Sub Forum, and click New Topic

4. In the "Tags" field, enter your XSS payload

Example: <h1>Tested by DevilScreaM</h1>


Screenshot at New Topic

http://i43.tinypic.com/6o2xad.png
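
Mitigation sketch (an added example, not JohnCMS source code and not part of the original advisory): the stored "Tags" value is the injection point, so the fix is to validate it on input and HTML-encode it on output. The function names, the comma-separated tag format and the length limits below are assumptions made for illustration.

```php
<?php
// Added example: hypothetical tag handling, NOT taken from JohnCMS.

// Constructed sample input: the proof-of-concept value from the advisory
// followed by two ordinary tags (comma-separated format is an assumption).
$submitted = '<h1>Tested by DevilScreaM</h1>, php, security';

// Vulnerable pattern: the stored value is written into the page unchanged,
// so any markup in it is parsed by the browser of every visitor.
function render_tags_unsafe(string $stored): string
{
    return '<div class="tags">' . $stored . '</div>';
}

// Input side: split, trim, and keep only short tags made of letters,
// digits, spaces, '-' and '_'. Anything else is dropped before storage.
function normalize_tags(string $raw, int $maxTags = 10, int $maxBytes = 32): array
{
    $tags = [];
    foreach (explode(',', $raw) as $tag) {
        $tag = trim($tag);
        if ($tag === '' || strlen($tag) > $maxBytes) {
            continue;
        }
        if (!preg_match('/^[\p{L}\p{N} _-]+$/u', $tag)) {
            continue;
        }
        $tags[] = $tag;
    }
    return array_slice(array_values(array_unique($tags)), 0, $maxTags);
}

// Output side: encode every tag at render time, even if it was validated,
// because rows stored before the fix may still contain markup.
function render_tags_safe(array $tags): string
{
    $out = [];
    foreach ($tags as $tag) {
        $out[] = '<span class="tag">'
            . htmlspecialchars($tag, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</span>';
    }
    return '<div class="tags">' . implode(' ', $out) . '</div>';
}

echo render_tags_unsafe($submitted), "\n";                  // markup reaches the page
echo render_tags_safe(normalize_tags($submitted)), "\n";    // only "php" and "security" survive
echo render_tags_safe([$submitted]), "\n";                  // legacy row: shown as inert text
```

Output encoding is the control that closes the hole; the input filter only keeps bad data out of the database and should not be relied on alone.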

==============================================================================

Example XSS
http://www.waptok.asia/forum/index.php?id=298
http://www.waptok.asia/forum/lol123_298.html