-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# Author: Ur0b0r0x
# Twitter: @Ur0b0r0x
# Email: ur0b0r0x_@live.com
# Line: GreyHat
# Home: cyberpunk-ur0x.blogspot.com

# Exploit Title: Feng Office Version 2.0 Beta 3 - Cross-Site Scripting / Remote Privilege Escalation
# Date: 21/11/2012
# Url Vendor: http://www.fengoffice.com/
# Vendor Name: Feng Office
# Tested On: Backtrack R3 / Linux Mint
# Type: php

------------------- Agreement --------------------
[17/11/2012] - Vulnerability discovered
[19/11/2012] - Vendor notified, no response
[21/11/2012] - Public disclosure
--------------------------------------------------

# Proof of Concept Video
http://www.youtube.com/watch?v=Q_B_5VkAVhU

# Expl0it/P0c/Xss
###################

# Expl0it/P0c/Privilege Escalation
###################