BACS DEMO persistent XSS vulnerabilities

Vendor: www.bacsdemo.com
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.co.cc
Google dork: Copyright © 2009 Coupon codes

Exploits:

Persistent XSS vulnerability in the admin panel->static page->add new section.
In HTML mode type the following string:
">
Click update. JavaScript alert box pops up \m/

Persistent XSS vulnerability in admin panel->tags->manage tags and also in the add new tag field section.
In the search box type in the following string:
">

Hacker

The webpage is defaced with the following marquee on the screen. \m/

-------------------------------------------------------------------------------------------
Tribute to side^effects and love to taashu.
-------------------------------------------------------------------------------------------
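Added example, not part of the original advisory and not the vendor's code: it shows why a stored value starting with `">` escapes a quoted attribute when echoed unencoded, and how HTML-encoding on output keeps it inside the attribute. The field markup, function names and the sample value are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: the advisory's `">` prefix followed by a harmless
# marker element. It is not the original string from the advisory.
SAMPLE = '"><i>constructed-marker</i>'


def render_vulnerable(value):
    """Hypothetical tag field: stored value echoed into the attribute as-is."""
    return '<input type="text" name="tag" value="' + value + '">'


def render_hardened(value):
    """Same field, with the value HTML-encoded for a quoted attribute."""
    return '<input type="text" name="tag" value="' + html.escape(value, quote=True) + '">'


class _Collector(HTMLParser):
    """Records every start tag and the decoded value attribute of <input>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def parse(markup):
    """Return (list of start tags, decoded input value) as a parser sees them."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.input_value


if __name__ == "__main__":
    # Unencoded: the attribute closes early and a second element appears.
    print(parse(render_vulnerable(SAMPLE)))
    # Encoded: one element only, and the stored text survives as plain data.
    print(parse(render_hardened(SAMPLE)))
```

The same check works as a regression test for each admin field the advisory names: the rendered page should contain only the elements the template defines, with the stored text recovered unchanged from the attribute.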