# Exploit Title: Brainkeeper Enterprise Wiki "search.php" Cross Site Scripting
# Date: 6.02.2012
# Author: Sony
# Software Link: http://www.brainkeeper.com
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/02/brainkeeper-enterprise-wiki-searchphp.html

..................................................................

Our XSS in the search.php

https://styles.brainkeeper.net/index.php?action=search.PageSearch
http://www.brainkeeper.com/corp/search.php

http://3.bp.blogspot.com/-diIgOqKyLRs/Ty_bjWJIqXI/AAAAAAAAAaA/kgx0naDs7ec/s1600/search.JPG
http://3.bp.blogspot.com/-tZuZO4EzSEo/Ty_boXF0-aI/AAAAAAAAAaM/vHo39hO2Mjs/s1600/search2.JPG

..................................................................

InSecurity.Ro
Because we care, we're security aware!