Sunday 18 March 2012

[EN] Sidu 3.3 CMS - XSS for logged-in users


# TITLE ....... # Sidu 3.3 CMS XSS (for logged in users) ............... #
# DATE ........ # 17.03.2012 ........................................... #
# AUTHOR ...... # http://hauntit.blogspot.com .......................... #
# SOFT LINK ... # http://sidu.sf.net ................................... #
# VERSION ..... # 3.3 .................................................. #
# TESTED ON ... # LAMP ................................................. #
# ...................................................................... #

# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is the bug :)
# 4. More...

#................................................................#
# 1. What is this?
This is a very nice CMS, you should try it! ;)

#...............................................................#
# 2. What is the type of vulnerability?
This is cross-site scripting for logged-in users.

#...............................................................#
# 3. Where is the bug :)
http://sidu33/sidu33/sql.php?id=1&sql=<xss>here
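
Added example (not part of the original advisory and not Sidu code): a log check for requests to sql.php whose "sql" parameter carries tag-like markup. The function names, the tag heuristic and the sample log lines are assumptions constructed for illustration; the path and parameter name come from the URL above.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request target inside a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# An HTML parser opens a tag only when "<" is directly followed by a letter,
# "/", "!" or "?", so the SQL comparison in "a < 5" does not match.
# Unspaced SQL such as "a<b" would match and needs manual review.
TAG_LIKE = re.compile(r"<[A-Za-z/!?]")

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Mar/2012:10:00:01 +0100] "GET /sidu33/sql.php?id=1&sql=%3Cxss%3Ehere HTTP/1.1" 200 512',
    '192.0.2.11 - - [17/Mar/2012:10:00:02 +0100] "GET /sidu33/sql.php?id=1&sql=SELECT+*+FROM+t+WHERE+a+%3C+5 HTTP/1.1" 200 900',
    '192.0.2.10 - - [17/Mar/2012:10:00:03 +0100] "GET /sidu33/sql.php?id=1&sql=%253Cxss%253Ehere HTTP/1.1" 200 512',
    '192.0.2.12 - - [17/Mar/2012:10:00:04 +0100] "GET /sidu33/index.php?sql=%3Cxss%3Ehere HTTP/1.1" 404 120',
]


def flagged_sql_values(line):
    """Return decoded `sql` values from a sql.php request that look like markup."""
    m = REQUEST.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if not target.path.endswith("/sql.php"):
        return []
    values = parse_qs(target.query, keep_blank_values=True).get("sql", [])
    # Check a second decoding pass too: a double-encoded "<" in this
    # parameter is unusual enough to be worth a look.
    return [v for v in values
            if TAG_LIKE.search(v) or TAG_LIKE.search(unquote(v))]


def scan(lines):
    """Return (line number, value) pairs for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in flagged_sql_values(line)]


if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: sql={value!r}")
```

A hit only shows that markup was sent; the fix itself is HTML-encoding the sql value wherever the page writes it back.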

#..............................................................#
# 4. More...

- http://sidu.sf.net
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net

#.............................................................#
# 5. Mail me, I'm still looking for new projects... ;)
#.............................................................#
# Best regards
#
