AWCM 2.2 Final - Persistent Cross-Site Scripting

Author: _84kur10_
type: webapps
platform: php
port: 
date_added: 2011-02-14 
date_updated: 2011-02-14 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comAWCMv2.2final.zip

# Exploit Title: AWCM v2.2 final Persistent Cross Site Script
# Date: 13-02-2011
# Author:_84kur10_
# Software Link: www.awcm-cms.com
# Version: v2.2
# CVE :
# Contact: 84kur10[at]gmail.com
# Greetz to: SLG all Members, D4nb4r, Navi_terrible, J3h3s, C4br4

http://sourceforge.net/projects/awcm/files/

Register a new user, go to your main panel in
http://[url]/awcm/member_cp.php, edit your avatar and put:

" onmouseover="alert(document.cookie)"><!--

Each that hovered over the area of avatar, jump our alert. we could
make some adjustments to make stealing a cookies.