elefantcms vendor: http://www.elefantcms.com Version: Latest stable release: 1.0.2 Author: Karthik R (3psil0nLambDa) Email: Karthik.cupid@gmail.com My blog: www.epsilonlambda.wordpress.com Google dork: Powered by Elefant CMS ------------------------------------------------------------------------------------------------------------------------------------------------------------ Description about the CMS Elefant is a content management system written in PHP that includes a modern PHP framework for web developers. Elefant is easy-to-use and straight-forward for all levels of users. It is also secure, fast, well-documented, and well-tested. Elefant's admin tools are minimalist without sacrificing flexibility. We wanted a system that even our moms could use with little or no help, but that power users will enjoy using too. So we made hard choices to keep a lot of needless complexity out. Instead, we focus on providing a solid editing experience out-of-the-box, well-considered default settings, and just the right set of features to satisfy 90% of the sites we encounter, as opposed to sacrificing simplicity in order to solve every possible edge case. ------------------------------------------------------------------------------------------------------------------------------------------------------------ * PERSISTENT XSS VULNERABILITY : In the admin panel, input the TITLE and BODY with the following code, leading to Persistent XSS exploit in the CMS Exploit: ------------------------------------------------------------------------------------------------------------------------------------------------------------