Sandata SanaCMS 7.3 Cross Site Scripting

2017.02.08

Credit: Hosein Askari

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: intext:"SANADATA | SanaCMS 7.3"

#####
#Exploit Title: SANADATA | SanaCMS 7.3 Cross Site Scripting
#Exploit Author: Hosein Askari
#Vendor HomePage: https://www.sanadata.com/|
#Version : 7.3
#Dork : intext:"SANADATA | SanaCMS 7.3"
#Tested on:Parrot OS
#Date: 3-2-2017
#Category: webapps
#Vulnerability Path : http://127.0.0.1/fa/index.asp?p=search&search=
#Command For Testing:
#xsser -u "http://127.0.0.1/en/index.asp?p=search&search="
# Author Mail :hosein.askari@aol.com
#####

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Sandata SanaCMS 7.3 Cross Site Scripting

Dork: intext:"SANADATA | SanaCMS 7.3"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.