BACS DEMO persistent XSS vulnerabilities
vendor: www.bacsdemo.com
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.co.cc
Google dork: Copyright © 2009 Coupon codes
Exploits:
Persistent XSS vulnerability in the admin panel->static page->add new section. In HTML mode, type the following string:
">
Click update. A JavaScript alert box pops up \m/
Persistent XSS vulnerability in admin panel->tags->manage tags and also in the add new tag field section. In the search box, type in the following string:
">
The webpage is defaced with the following marquee on the screen.\m/
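Both strings above start with `">`, which closes an attribute value and the tag around it when the stored text is written back unescaped. The following is an added example, not part of the original advisory or the vendor's code, showing output escaping as the fix and a parser-based regression check. The input template, the field name and the test value are constructed assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Constructed test value, not the advisory's string: it starts with the same
# `">` prefix and then adds a harmless <b> element as a visible marker.
STORED_TAG = '"><b>marker</b>'

def render_raw(value):
    """Before: the stored value is interpolated straight into the attribute."""
    return '<input type="text" name="tag" value="%s">' % value

def render_escaped(value):
    """After: the stored value is HTML-escaped (quotes included) on output."""
    return '<input type="text" name="tag" value="%s">' % escape(value, quote=True)

class _Collector(HTMLParser):
    """Records every start tag and its attributes as the parser sees them."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parsed_tags(html):
    collector = _Collector()
    collector.feed(html)
    collector.close()
    return collector.tags

def breaks_out(html, stored):
    """True if the markup holds anything other than one <input> whose
    value attribute equals the stored string exactly."""
    tags = parsed_tags(html)
    return not (len(tags) == 1 and tags[0][0] == "input"
                and tags[0][1].get("value") == stored)

if __name__ == "__main__":
    for render in (render_raw, render_escaped):
        out = render(STORED_TAG)
        print(render.__name__, "breaks out:", breaks_out(out, STORED_TAG))
```

The same escaping has to be applied at every place the stored section or tag text is rendered, including the admin listing and search views.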
-------------------------------------------------------------------------------------------
Tribute to side^effects and love to taashu.
-------------------------------------------------------------------------------------------