Sunday, 18 March 2012
[EN] Sidu 3.3 CMS - XSS for logged-in users
# TITLE ....... # Sidu 3.3 CMS XSS (for logged in users) ............... #
# DATE ........ # 17.03.2012 ........................................... #
# AUTHOR ...... # http://hauntit.blogspot.com .......................... #
# SOFT LINK ... # http://sidu.sf.net ................................... #
# VERSION ..... # 3.3 .................................................. #
# TESTED ON ... # LAMP ................................................. #
# ...................................................................... #
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is the bug :)
# 4. More...
#................................................................#
# 1. What is this?
This is a very nice CMS, you should try it! ;)
#...............................................................#
# 2. What is the type of vulnerability?
This is cross-site scripting for logged-in users.
#...............................................................#
# 3. Where is the bug :)
http://sidu33/sidu33/sql.php?id=1&sql=<xss>here
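The advisory gives only the affected URL, so the following is an added example, not SIDU's code and not the author's: a hypothetical PHP handler that redisplays the `sql` parameter, first written out as-is and then encoded at the point of output. The function names and the textarea markup are assumptions, and the input is constructed from the advisory's own `<xss>here` placeholder.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a page that redisplays the submitted query.
// The real sql.php source is not shown in the advisory.

/** Encode a value for HTML element content or a quoted attribute value. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the request parameter is written into the page as-is. */
function render_query_box_unsafe(string $sql): string
{
    return '<textarea name="sql">' . $sql . '</textarea>';
}

/** Hardened pattern: same markup, parameter encoded where it is output. */
function render_query_box(string $sql): string
{
    return '<textarea name="sql">' . h($sql) . '</textarea>';
}

/** True when the rendered HTML still contains the raw placeholder tag. */
function contains_raw_tag(string $html): bool
{
    return strpos($html, '<xss>') !== false;
}

// Constructed input: a legitimate "<" comparison plus the advisory's placeholder.
// Stripping or rejecting "<" would break the query, so the fix is output
// encoding, not input filtering.
$sql = 'SELECT * FROM t WHERE a < 5 <xss>here';

$unsafe = render_query_box_unsafe($sql);
$safe   = render_query_box($sql);

echo "unsafe: ", $unsafe, "\n";
echo "safe:   ", $safe, "\n";

// The unsafe rendering carries the tag through; the hardened one does not.
var_dump(contains_raw_tag($unsafe), contains_raw_tag($safe));

// Decoding the encoded value returns the exact query the user typed.
var_dump(html_entity_decode(h($sql), ENT_QUOTES, 'UTF-8') === $sql);
```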
#..............................................................#
# 4. More...
- http://sidu.sf.net
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
#.............................................................#
# 5. Mail me, I'm still looking for new projects... ;)
#.............................................................#
# Best regards
#