14 lines
No EOL
447 B
Text
14 lines
No EOL
447 B
Text
Title: SchoolCMS Persistant XSS.
|
|
#Date: 03/12/12
|
|
#Author: VipVince
|
|
#Vendor: www.poweritschools.com
|
|
#Google Dork: /old_core/cal/eventform.php
|
|
#Tested on: Windows.
|
|
|
|
This is a Persistant XSS used in the software by many schools.
|
|
|
|
About 225 results (0.21 seconds)
|
|
|
|
The vulnerability lies in the eventform.php file.
|
|
|
|
Entering your JavaScript into the form boxes and saving the event will store and trigger your persistent XSS script. Simplez. Have fun. |