Anantasoft Gazelle CMS 1.0 Cross Site Scripting

Anantasoft Gazelle CMS 1.0 Cross Site Scripting: Posted Jun 21, 2012; Authored by $1l3n7 @$$@$$17; Anantasoft Gazelle CMS version 1.0 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 237230e8444c4dc90ee11c4aefd55441f80d751abd272c8cce21ae3c8a932068; Download | Favorite | View

Anantasoft Gazelle CMS 1.0 Cross Site Scripting

  ____/\______.__  ________      _________     _____  ____/\__
____/\__  _____  ____/\__ ____/\______
 /   / /_/_   |  | \_____  \  ___\______  \   / ___ \/   / /_//   /
/_/ / ___ \/   / /_//   / /_/_   | ____
 \__/ / \ |   |  |   _(__  < /    \  /    /  / / ._\ \__/ / \ \__/ / \
/ / ._\ \__/ / \ \__/ / \ |   |/    \
 / / /   \|   |  |__/       \   |  \/    /  <  \_____/ / /   \/ / /
<  \_____/ / /   \/ / /   \|   |   |  \
/_/ /__  /|___|____/______  /___|  /____/    \_____\/_/ /__  /_/ /__
/\_____\/_/ /__  /_/ /__  /|___|___|  /
  \/   \/                 \/     \/                   \/   \/  \/   \/
         \/   \/  \/   \/          \/


------------------------------------------------------------------------------

-------------------------------------------------------------------


    TITLE:  Anantasoft Gazelle CMS Admin Panel Multiple stored XSS
    Vendor:  Anantasoft Gaselle CMS
    Author: $1l3n7 @$$@$$17
    Email:  sil3ntb0t@gmail.com


    Download Link: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download
    Versions: 1.0
    Tested on: Windows7
------------------------------------------------------------------------------


------------------------------------------------------------------------------
Description :  Anantasoft's Gazelle CMS apparantly found it's way to a
magazine: the
               January 2009 edition of LinuxFormat. Or rather: it's
editors found their
               way to Gazelle CMS. Anantasoft.com
<http://www.anantasoft.com/index.php> has ranked 2nd in the CMS Awards
               Popular Awards in the category SEO 2008.
               Anantasoft Gaselle CMS 1.0  is vulnerable to stored xss
due to improper
               input sanitization.An attacker can inject arbitrary
java script and can
               be used for session hijacking.

  DEMO:
  A)Persistent XSS
       http://localhost/gazelle/admin/index.php?Users


       DEMO: http://www.opensourcecms.com/demo/2/193/Anantasoft+Gazelle+CMS

         In  Add User Tab ->  Username Field

         In  Add Usergroup Tab -> User group field

         In Modules -> Create Module -> Module name field

         In Menu -> Add menu -> Menu Name field

         POST DATA= "'-->><script>alert(0)</script>



----------------------------------------------------------------------------

gr33t1ngs and ShOuTZ to r007k17-w and all my friends..

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Anantasoft Gazelle CMS 1.0 Cross Site Scripting

Anantasoft Gazelle CMS 1.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Anantasoft Gazelle CMS 1.0 Cross Site Scripting

Share This

Anantasoft Gazelle CMS 1.0 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems