PicoWiki suffers from a cross site scripting vulnerability.
2db3290ae0be6fa125ed88ed8f0318a1dc8e786e0e2969c2f3a3f06b127a64c6
# Exploit Title: PicoWiki "search" Cross Site Scripting
# Date: 8.02.2012
# Author: Sony
# Software Link: http://www.picowiki.com/
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/picowiki-cross-site-scripting.html
..................................................................
Our xss (Post Method) in the search.
http://www.picowiki.com/demo/index.php/Test%20Page
http://1.bp.blogspot.com/-nBNj2zYHmJ8/TzIo1s4u0MI/AAAAAAAAAcE/EL9zFGWUwQ8/s1600/pico1.JPG
http://3.bp.blogspot.com/-dcJHobs3wpk/TzIo4-oPZNI/AAAAAAAAAcQ/4wNZtaJp1gg/s1600/pico2.JPG
..................................................................
InSecurity.Ro
Because we care, we're security aware!