__________.__ __ ___ ___ \______ \ | _____ ____ | | __ / | \ ____ | | _/ | \__ \ _/ ___\| |/ / ______ / ~ \/ ___\ | | \ |__/ __ \\ \___| < /_____/ \ Y / /_/ > |______ /____(____ /\___ >__|_ \ \___|_ /\___ / \/ \/ \/ \/ \//_____/ .ORG ---------------------------------------------------------------- Siena CMS (1.242) <= Cross Site scripting Vulnerabilities ---------------------------------------------------------------- # Exploit Title: Siena CMS (1.242) <= Cross Site scripting Vulnerabilities # Application Name: [Siena CMS] # Date: 31/12/2011 # Author: BHG Security Center # Home: Http://black-hg.org # Software Link: [ http://www.sienacms.com ] # Impact : [ low ] # Dork: inurl:"index.php?page=" $ Version : [1.242] # Tested on: [linux+apache] # CVE : Webapps # Finder(s): - Net.Edit0r (Net.edit0r [at] att [dot] net) # Description: : You can use this vulnerability to take malicious ~ XSS (ha.ckers.org/xss.html) +-----------------------+ | Cross Site scripting | +-----------------------+ The vulnerable code is located in /index.php?err=[XSS] Proof of Concept: ----------------- ~ PoC : http://localhost/index.php?page=[XSS] ~ Demo : http://chelseaharbourwebdesign.com/index.php?page="> ~ Demo : http://www.sienacms.com/index.php?page="> ~ Demo : http://www.chelseaharbourgallery.com/index.php?page="> ~ Demo : http://www.jessicazoobdesire.com/index.php?page="> [-] Disclosure timeline: [21/12/2011] - Vulnerabilities discovered [24/12/2011] - Others vulnerabilities discovered [27/12/2011] - Issues reported to http://black-hg.org [31/12/2011] - Public disclosure # Greets To : Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ tHe.k!ll3r ~ Mr.XHat ~ Bl4ck.Viper b3hz4d ~ G3n3Rall ~ NoL1m1t ~ __SENATOR__ ~ NetQurd ~ Cyber C0der THANKS TO ALL Iranian HackerZ ./Persian Gulf ===========================================[End]=============================================