# Exploit Title: MoniWiki Cross Site Scripting # Date: 17.02.2012 # Author: Sony # Software Link: http://moniwiki.kldp.net/wiki.php # Google Dorks: inurl:En~UserPreferences intext:moniwiki # Web Browser : Mozilla Firefox # Blog : http://st2tea.blogspot.com # PoC: http://st2tea.blogspot.com/2012/02/moniwiki-cross-site-scripting.html .................................................................. in the login&password : put our xss code in the login and password and press button "enter". http://moniwiki.kldp.net/wiki.php/MoniWiki http://3.bp.blogspot.com/-2Ln1ZDfGORE/Tz4cceOd9iI/AAAAAAAAAgY/q6FdJohwM_o/s1600/moniwiki-login.JPG http://3.bp.blogspot.com/-zrdL96_0NE8/Tz4cfdChfqI/AAAAAAAAAgk/UUggyXl4MUU/s1600/monwiki2.JPG