++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[+] Exploit Title: DCMS v2.4 CMS Cross-Site Scripting Vulnerability
[+] Exploit Author: Ashiyane Digital Security Team
[+] Home: www.Ashiyane.org
[+] Vendor Homepage: www.dibagroup.com
[+] Category: Web Application
[+] Version: 2.4
[+] Tested on: Windows 7
[+] Dork: intext:"Powered By DCMS 2.4"
-----------------------------------------------------------
+ Location: site/DCMS/statistic/tpro2/demographics.php[Xss]
+ Location: site/DCMS/statistic/tpro2/navigation.php[Xss]
+ Location: site/DCMS/statistic/tpro2/search.php[Xss]
+ Location: site/DCMS/statistic/tpro2/summary.php[Xss]
+ Location: site/DCMS/statistic/tpro2/technology.php[Xss]
+ Location: site/DCMS/statistic/tpro2/traffic.php[Xss]
+ Location: site/Search.php[Xss]

+ Demo: http://www.khcu.gov.ir/Search.php[Xss]
+ Demo: http://www.khcu.gov.ir/DCMS/statistic/tpro2/demographics.php[Xss]
+ Demo: http://www.khcu.gov.ir/DCMS/statistic/tpro2/navigation.php[Xss]
+ Demo: http://www.khcu.gov.ir/DCMS/statistic/tpro2/search.php[Xss]
+ Demo: http://www.khcu.gov.ir/DCMS/statistic/tpro2/summary.php[Xss]
+ Demo: http://www.khcu.gov.ir/DCMS/statistic/tpro2/technology.php[Xss]
+ Demo: http://www.khcu.gov.ir/DCMS/statistic/tpro2/traffic.php[Xss]
+ Demo: http://www.yazdtelecom.ir/Search.php[Xss]
++++++++++++++++++++++++++++++++++
[+] Exploit:
[-] Target/Search.php ==> POST (multipart) input s was set to
[-] Target/DCMS/ ==> URI was set to
======================================
* Greetz to: My Lord Allah
* Sp Tnx To: Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in,B4b4K KH4TaR,sil3nt and all Ashiyane Security [ Researcher Team AND Deface Team ]
* The Last One : My Self, tr0janman
--------------------------------------------
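
A defender-side check for the URI-borne case listed above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to the listed scripts whose path info or query string decodes to HTML metacharacters. The combined log format, the sample lines and all function names are assumptions constructed here; the multipart POST body of Search.php is not written to access logs, so that case needs WAF or application-level inspection instead.

```python
import re
from urllib.parse import unquote

# Script paths listed in the advisory ("site/" taken as the web root).
AFFECTED = re.compile(
    r"^/(?:DCMS/statistic/tpro2/"
    r"(?:demographics|navigation|search|summary|technology|traffic)|Search)"
    r"\.php(?=[/?#]|$)",
    re.IGNORECASE,
)
# Characters that let reflected input break out of HTML text or an attribute.
MARKUP = re.compile(r'[<>"]')
# Request line inside a combined-format access-log entry (assumed format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode(target, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def suspicious(line):
    """True if the line requests an affected script with markup in the URI."""
    m = REQUEST.search(line)
    if not m:
        return False
    target = decode(m.group("target"))
    hit = AFFECTED.match(target)
    # Only what follows the script name (path info, query) is request-shaped.
    return bool(hit and MARKUP.search(target[hit.end():]))


def flagged(lines):
    """Indexes of log lines that warrant review."""
    return [i for i, line in enumerate(lines) if suspicious(line)]


# Constructed sample log lines (documentation addresses, harmless <b> marker).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /DCMS/statistic/tpro2/summary.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /DCMS/statistic/tpro2/traffic.php/%22%3E%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 5310',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /DCMS/statistic/tpro2/search.php?q=%253Cb%253E HTTP/1.1" 200 5290',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(flagged(SAMPLE_LOG))
```

A hit means the request carried markup toward a script the advisory lists as reflecting it; whether the response actually echoed it unescaped still has to be confirmed against the application.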