Mcslinc CMS Cross Site Scripting

2017.01.15
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Document Title: =============== Mcslinc CMS Cross Site Scripting Release Date: ============= 2016-12-30 Product & Service Introduction: =============================== Maurya Consultancy Services is primarily involved in all I.T. related services like web services, Industrial Automation and Online advertising. Our primary concern is to continuously upgrade our knowledge according to changing curve of technology and to introduce new ideas and concept to the world for which our R&D (Research and Development) department is always in process. (Copy of the Homepage: http://mcslinc.com/ ) Exploitation Technique: ======================= Remote Dork: ===== "Design by mcslinc.com" Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers without user account and with low user interaction. For security demonstration or to reproduce follow the provided information and steps below to continue. Manual steps to reproduce the vulnerability ... 1. Search Dork And Find Sites 2. Go to Admin page 3. Vulnerable File Is Login.php 4. So Enter This adress to site url: Site.com/[Patch]/login.php?err= (Xssed Here!) Site.com/[Patch]/login.php?err= (Xssed Here!) Note: If its Doesn't Work, You Can Test this address into "admin" Directory, Like: Site.com/[Patch]/Admin/login.php?err= (Xssed Here!) Demo: ===== http://www.raminfraspace.com/login.php?err=Xssed+By+Eagle+Security+Team http://swaroopkart.com/admin/login.php?err=Xssed+By+Eagle+Security+Team CWE: ==== (CWE-79) Credits & Authors: ================== Mr Keeper And 504w About: ====== Eagle Security Team


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top