-------------------------------------------------------------------------
eSyndiCat Directory Software 2.3 - Cross-Site Scripting (XSS)
http://www.esyndicat.com/
25-11-2010
Avram Marius (d3v1l)
http://twitter.com/securityshell - http://security-sh3ll.blogspot.com
--------------------------------------------------------------------------

PoC 1:
http://www.esyndicat.com/demo/suggest-category.php?id=364
Suggest Category: inside the "Category title" field, type something like ">
Screen: http://twitpic.com/3aq5q8

--------------------------------------------------------------------------

PoC 2:
http://www.esyndicat.com/demo/suggest-listing.php?id=0
Suggest Listing: the "Title" field can be ">
Screen: http://twitpic.com/3aq7s0

--------------------------------------------------------------------------
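Both PoCs rely on the same defect: a submitted title is echoed back into an HTML attribute without encoding, so a value beginning with "> closes the attribute and the tag. The following is an added illustration, not code from the advisory or from eSyndiCat; the field name "title" and the value="..." attribute context are assumptions. It renders a form field the vulnerable way beside the attribute-encoded way and counts the tags each produces, which is the check a reviewer can apply to any echoing form handler.

```python
import html
import re

# Constructed sample input modelled on the advisory's attribute break-out
# prefix '">'. The remainder of the original payload is not on the page;
# the <i> marker below is a harmless stand-in used only to make the
# break-out visible in the rendered markup.
SAMPLE_TITLE = '"><i>injected</i>'

# Assumed field name and attribute context (not taken from eSyndiCat).
FIELD_TEMPLATE = '<input type="text" name="title" value="{value}">'


def render_title_field_vulnerable(title: str) -> str:
    """Echo the submitted title into value="..." unencoded.

    This is the pattern the advisory describes: a leading '">' ends the
    attribute and the <input> tag, and everything after it is parsed as
    new markup.
    """
    return FIELD_TEMPLATE.format(value=title)


def render_title_field_safe(title: str) -> str:
    """Same field with attribute-context encoding applied.

    html.escape(..., quote=True) rewrites '"' as &quot; and '<' as &lt;,
    so the value can neither terminate the attribute nor open a tag.
    """
    return FIELD_TEMPLATE.format(value=html.escape(title, quote=True))


_TAG_RE = re.compile(r"<[^>]+>")


def count_tags(markup: str) -> int:
    """Count HTML tags in rendered markup.

    A single rendered input field should contain exactly one tag; any
    more means user-controlled text escaped the attribute.
    """
    return len(_TAG_RE.findall(markup))


def breaks_out_of_attribute(title: str) -> bool:
    """Regression check for a form handler: True if rendering the value
    unencoded yields more than the one expected tag."""
    return count_tags(render_title_field_vulnerable(title)) > 1


if __name__ == "__main__":
    print("vulnerable:", render_title_field_vulnerable(SAMPLE_TITLE))
    print("safe      :", render_title_field_safe(SAMPLE_TITLE))
    print("breaks out:", breaks_out_of_attribute(SAMPLE_TITLE))
```

The encoded version is the fix the vendor needs: encode on output for the exact context (here an attribute value), rather than trying to filter "dangerous" characters on input, because the same title may later be rendered in a text node, a URL, or a JavaScript string, each of which needs its own encoding.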