Brainkeeper Enterprise Wiki suffers from a cross site scripting vulnerability.
7b8b5eac1b2aedafb23a81945c6fcdbc804b7457d6c2c26bede2f8baa1281d50
# Exploit Title: Brainkeeper Enterprise Wiki "search.php" Cross Site Scripting
# Date: 6.02.2012
# Author: Sony
# Software Link: http://www.brainkeeper.com
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/brainkeeper-enterprise-wiki-searchphp.html
..................................................................
Our XSS in the search.php
https://styles.brainkeeper.net/index.php?action=search.PageSearch
http://www.brainkeeper.com/corp/search.php
http://3.bp.blogspot.com/-diIgOqKyLRs/Ty_bjWJIqXI/AAAAAAAAAaA/kgx0naDs7ec/s1600/search.JPG
http://3.bp.blogspot.com/-tZuZO4EzSEo/Ty_boXF0-aI/AAAAAAAAAaM/vHo39hO2Mjs/s1600/search2.JPG
..................................................................
InSecurity.Ro
Because we care, we're security aware!