------------------------------------------------------------------------------
TITLE: Etomite CMS Multiple stored XSS
Vendor: Etomite CMS
Author: $1l3n7 @$$@$$17
Email: sil3ntb0t@gmail.com
Download Link: http://www.etomite.com/files/file/323-etomite-11/
Versions: 1.0
Tested on: Windows 7
------------------------------------------------------------------------------

DEMO:

A) Persistent XSS

http://localhost/etomite/manager/index.php

New Document, New Weblink, Messages (subject and content), New keyword (manage resources), No of log entries, no of messages and many more fields are vulnerable to stored XSS.

POST DATA= "'-->>

Eg:

1: In Manage Resource, in the keyword tab, the 'create new keyword' field
POST DATA= "'-->>

2: Similarly, the 'New Template' field
http://localhost/etomite/manager/index.php
POST DATA= "'-->>

----------------------------------------------------------------------------
gr33t1ngs and ShOuTZ to r007k17-w and all my friends..
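Added example, not part of the original advisory and not Etomite's own code: a sketch of the pattern behind stored XSS in manager fields like those listed above, next to a hardened form that encodes text fields on output and validates the numeric settings on input. All function names, the markup and the 1-1000 range are assumptions made for illustration.

```php
<?php
// Illustration only: hypothetical helpers, not taken from the Etomite code base.

// Constructed sample: the quote- and comment-closing prefix shown in the
// advisory's POST DATA, as it would be read back from the database.
$storedKeyword = "\"'-->>";

// Vulnerable pattern: the stored value is concatenated into markup unchanged,
// so its quotes end the attribute and later characters are parsed as HTML.
function render_keyword_unsafe(string $keyword): string
{
    return '<input type="text" name="keyword" value="' . $keyword . '">'
         . '<td>' . $keyword . '</td>';
}

// Encode for HTML text and quoted-attribute contexts. ENT_QUOTES covers both
// single and double quotes; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value is encoded where it is written out.
function render_keyword_safe(string $keyword): string
{
    return '<input type="text" name="keyword" value="' . h($keyword) . '">'
         . '<td>' . h($keyword) . '</td>';
}

// Numeric settings such as "No of log entries" should never be stored as free
// text. Returns the integer, or null when the input is not a whole number in
// the allowed range (range bounds are an assumption).
function parse_entry_count(string $raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    return $n === false ? null : $n;
}

// Compare the two renderings and the validation result for the sample value.
echo render_keyword_unsafe($storedKeyword), "\n";
echo render_keyword_safe($storedKeyword), "\n";
var_dump(parse_entry_count('50'), parse_entry_count($storedKeyword));
```

Encoding at output time also neutralises values that were stored before the fix, which input validation alone does not.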