============================================
CMS Balitbang Depdiknas v3.4 HTML Injection
============================================

:----------------------------------------------------------------------------------------------------:
: # Exploit Title : CMS Balitbang Depdiknas v3.4 HTML Injection
: # Date          : 30 September 2012
: # Author        : xevil
: # Google Dork   : inurl:'.sch.id' intext:'Balitbang Depdiknas versi 3.4' 
: # Category      : Website Page Vulnerabillity
: # Vulnerability : Textarea HTML Injection
: # Greetz to     : BogorHackers Community @http://bogorhacker.net
:----------------------------------------------------------------------------------------------------:

Summary
================
Ministry Balitbang CMS v3.4 is a Content Management System (CMS) which is used to build a web-based education.

Description
================
CMS has a weakness in an index file that resides in the member directory, which actually functioned to change the display language of the page using CSS. There is a weakness that allows us to manipulate textarea where writing scripts.

Proof of Concept
================
1. Login to the member page, then go to the link Costumes Theme
2. Note the CSS textarea that contains the script:
-------------------------------------------------- -------------------
body {/ * background image * /
font-family: "Arial", serif;
font-size: 76%;
margin-top: 0px;
color: # 666666;
background: # fff url (back.jpg) repeat-x;
}
# content {/ * width web layout middle * /
width: 900px;
margin-left: auto;
margin-right: auto;
background-color: # FFFFFF;
}
-------------------------------------------------- -----------------
3. With the tag </ style> at the end, then we can enter HTML or Javascript script underneath.
4. After that, click on the save button

[+]---------------------------------- [ xevil ] -------------------------------[+]
If successful, you will see your file was successfully executed on the page.
----------------------------------------------------------------------------------