# Exploit Title: HtmlCommentBox Multiple Vulnerabilities
# Release Date: 01/06/2013
# Author: Rafay Baloch And Deepankar Arora
# Website: www.rafayhackingarticles.net
# Contact: www.rafayhackingarticles.net
# Vendor: www.htmlcommentbox.com
# Versions Affected: All
# Google Dork: intext:"by HtmlCommentBox"

1. Stored Cross-Site Scripting Vulnerability-

Description: The comment input in HtmlCommentBox is not sanitized, which results in stored cross-site scripting.

POC: Input any of the following as comment-