########################## # Exploit Title: razorCMS v2.1 Cross Site Scripting # Google Dork: N/A # Date: 2017-03-30 # Exploit Author: Sh4dow # My Team:Zero Security Group # Vendor Homepage: http://razorcms.co.uk/ # Software Link: http://v2.razorcms.co.uk/archive/core/razorCMS_phoenix_v2_1.zip # Version: v2.1 # Tested on: Kali Linux # CVE : - ########################## Step by step to do: step1: Go To site Step2: Go to the search site Step3: xss write your own script and press enter ( <script>alert(document.cookie)</script> ) ---------------------------------------- Demo: http://v2.razorcms.co.uk/razor-SiteSearch.htm ---------------------------------------- # Greetz : Sh4dow And My Pc # We Are:Sh4dow - Ghostman - SOLTAN SILENT - And All Member # Iranian Underground Researchers # https://telegram.me/ZeroSecOfficial