# Exploit Title: AWCM v2.2 final Persistent Cross Site Script# Date: 13-02-2011# Author:_84kur10_# Software Link: www.awcm-cms.com# Version: v2.2# CVE :# Contact: 84kur10[at]gmail.com# Greetz to: SLG all Members, D4nb4r, Navi_terrible, J3h3s, C4br4
http://sourceforge.net/projects/awcm/files/
Register a new user, go to your main panel in
http://[url]/awcm/member_cp.php, edit your avatar and put:" onmouseover="alert(document.cookie)"><!--
Each that hovered over the area of avatar, jump our alert. we could
make some adjustments to make stealing a cookies.
