###########################

# Mcslinc CMS Cross Site Scripting Vulnerability

###########################

 Document Title:
===============
Mcslinc CMS Cross Site Scripting

Release Date:
=============
2016-12-30


Product & Service Introduction:
===============================
Maurya Consultancy Services is primarily involved in all I.T.
related services like web services, Industrial Automation and Online advertising.
Our primary concern is to continuously upgrade our knowledge according to
changing curve of technology and to introduce new ideas and concept to
the world for which our R&D (Research and Development) department is always in process.

(Copy of the Homepage: http://mcslinc.com/ )

Exploitation Technique:
=======================
Remote

Dork:
=====
\"Design by mcslinc.com\"

Proof of Concept (PoC):
=======================
The vulnerability can be exploited by remote attackers without user account and with low user interaction.
For security demonstration or to reproduce follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Search Dork And Find Sites
2. Go to Admin page
3. Vulnerable File Is Login.php
4. So Enter This adress to site url:

Site.com/[Patch]/login.php?err= (Xssed Here!)
Site.com/[Patch]/login.php?err= (Xssed Here!)

Note: If its Doesn\'t Work, You Can Test this address into \"admin\" Directory, Like:

Site.com/[Patch]/Admin/login.php?err= (Xssed Here!)

Demo:
=====
http://www.raminfraspace.com/login.php?err=Xssed+By+Eagle+Security+Team
http://swaroopkart.com/admin/login.php?err=Xssed+By+Eagle+Security+Team
CWE:
====
(CWE-79)


Credits & Authors:
==================
Mr Keeper And 504w


About:
======
Eagle Security Team

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2017-01-09]

###########################