bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/37715.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
843 B
Text
Raw Permalink Blame History

# Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability
# Google Dork: N/A
# Date: 28/7/2015
# Exploit Author: Arash Khazaei
# Vendor Homepage: http://tendoo.org/
# Software Link: http://sourceforge.net/projects/tendoo-cms/
# Version: 1.3
# Tested on: Kali , Windows
# CVE : N/A
# Contact : 0xclay@gmail.com
######################
Introduction :
a Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMS
Make CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... .
######################
Stored Xss In http://localhost/tendoo/index.php/account/update In First
Name and Last Name Inputs
Excute Java Script Codes And If Admin Or Any Body Come In Attacker Profile
When First Name And Last Name Loads
JavaScripts Code Will Be Excuted
POC :
https://i.leetfil.es/e992ad2d.jpg
Discovered By Arash Khazaei
Reference in a new issue View git blame Copy permalink