Mcslinc CMS Cross Site Scripting

Risk: Low
Local: No
Remote: Yes

Document Title: =============== Mcslinc CMS Cross Site Scripting Release Date: ============= 2016-12-30 Product & Service Introduction: =============================== Maurya Consultancy Services is primarily involved in all I.T. related services like web services, Industrial Automation and Online advertising. Our primary concern is to continuously upgrade our knowledge according to changing curve of technology and to introduce new ideas and concept to the world for which our R&D (Research and Development) department is always in process. (Copy of the Homepage: ) Exploitation Technique: ======================= Remote Dork: ===== "Design by" Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers without user account and with low user interaction. For security demonstration or to reproduce follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Search Dork And Find Sites 2. Go to Admin page 3. Vulnerable File Is Login.php 4. So Enter This adress to site url:[Patch]/login.php?err= (Xssed Here!)[Patch]/login.php?err= (Xssed Here!) Note: If its Doesn't Work, You Can Test this address into "admin" Directory, Like:[Patch]/Admin/login.php?err= (Xssed Here!) Demo: ===== CWE: ==== (CWE-79) Credits & Authors: ================== Mr Keeper And 504w About: ====== Eagle Security Team

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018,


Back to Top