# Exploit Title: AWCM v2.2 final Persistent Cross Site Script # Date: 13-02-2011 # Author:_84kur10_ # Software Link: www.awcm-cms.com # Version: v2.2 # CVE : # Contact: 84kur10[at]gmail.com # Greetz to: SLG all Members, D4nb4r, Navi_terrible, J3h3s, C4br4 http://sourceforge.net/projects/awcm/files/ Register a new user, go to your main panel in http://[url]/awcm/member_cp.php, edit your avatar and put: " onmouseover="alert(document.cookie)"><!-- Each that hovered over the area of avatar, jump our alert. we could make some adjustments to make stealing a cookies.
Related ExploitsMatching CVEs (0): N/A
Matching OSVDBs (0): N/A
Matching setup file: 22a6a1a39b78b8b8c9169b6b313f7b59
|2010-06-10||13810||AWCM CMS - Local File Inclusion||SwEET-DeViL|
|2011-01-26||16049||AWCM 2.2 Final - Local File Inclusion||Cucura|