exploit the possibilities

PolarisCMS Cross Site Scripting

PolarisCMS Cross Site Scripting
Posted Aug 6, 2012
Authored by LiquidWorm | Site zeroscience.mk

PolarisCMS suffers from a cross site scripting issue when input passed to the function 'WebForm_OnSubmit()' via the URL to blog.aspx is not properly sanitized before being returned to the user.

tags | exploit, xss
MD5 | 443876595a11f84cd9dcb1db80796c53

PolarisCMS Cross Site Scripting

Change Mirror Download

PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability


Vendor: PolarisCMS
Product web page: http://www.polariscms.com
Affected version: 2012

Summary: PolarisCMS is a White Label CMS (content management System) providing
more features, functions and flexibility to global web professionals, than ever
before. The breakthrough technology used for this web platform has been built
over a 6 year period and includes a highly advanced Website Builder CMS, a
full-scale Online Catalog and Ecommerce Shopping Cart, and a range of high-end
functional tools to create feature-rich websites.

Desc: PolarisCMS suffers from a XSS issue when input passed to the function
'WebForm_OnSubmit()' via the URL to blog.aspx is not properly sanitised before
being returned to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected site.

Tested on: Microsoft IIS/6.0
ASP.NET 4.0.30319


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2012-5095
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5095.php



05.08.2012

---


http://HOST/reselleradmin/blog.aspx?%27%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E
http://HOST/reselleradmin/blog.aspx?%27onmouseover=prompt(101)%3E

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close