# Exploit Title: PicoWiki "search" Cross Site Scripting
# Date: 8.02.2012
# Author: Sony
# Software Link: http://www.picowiki.com/
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/02/picowiki-cross-site-scripting.html

..................................................................

Our XSS (POST method) in the search.

http://www.picowiki.com/demo/index.php/Test%20Page

http://1.bp.blogspot.com/-nBNj2zYHmJ8/TzIo1s4u0MI/AAAAAAAAAcE/EL9zFGWUwQ8/s1600/pico1.JPG
http://3.bp.blogspot.com/-dcJHobs3wpk/TzIo4-oPZNI/AAAAAAAAAcQ/4wNZtaJp1gg/s1600/pico2.JPG

..................................................................

InSecurity.Ro
Because we care, we're security aware!