# Exploit Title: Fiyo CMS 1.5.7 XSS Vulnerability
# Date: 05/29/2014
# Author: Mustafa ALTINKAYNAK
# Download URL: http://www.fiyo.org/
# Software Link: http://www.fiyo.org/download
# Vuln Category: CWE-79 (XSS)
# Tested on: Fiyo CMS 1.5.7
# Tested Local Platform: XAMPP on Windows
# Patch/Fix: Not published.

---------------------------
Technical Details
---------------------------
Reflected XSS: Review form can be bypassed. User cookies can be stolen.

Example:
Nama : ">

---------------------------------------------------------------------------------
Form Comment (XSS Vuln)
# /apps/app_comment/form_comment.php

-----------
Mustafa ALTINKAYNAK
twitter : @m_altinkaynak
www.mustafaaltinkaynak.com
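
Added example, not part of the original advisory and not Fiyo CMS code: a sketch of how a comment form's name field can be echoed back safely when the submitted value starts with `">`, with session cookie flags that limit what script can read. All function names, the field name and the sample value are hypothetical, and the cookie options assume PHP 7.3 or later.

```php
<?php
// Added illustration; not code from Fiyo CMS. All names here are hypothetical.

// Vulnerable pattern: the submitted name goes back into the value attribute
// unchanged, so a leading "> closes the attribute and the tag.
function render_name_field_unsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of making the function return an empty string.
function render_name_field_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="name" value="' . $encoded . '">';
}

// Second layer: server-side validation before the value is stored or reused.
// Returns the trimmed name, or null when it is empty, longer than 60 bytes,
// contains control characters, or is not valid UTF-8 (preg_match gives false).
function validate_name(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 60) {
        return null;
    }
    if (preg_match('/[\x00-\x1F\x7F]/u', $name) !== 0) {
        return null;
    }
    return $name;
}

// Reduces the impact of any remaining XSS on session cookies: HttpOnly keeps
// the cookie out of document.cookie. Call before session_start().
function harden_session_cookie(): bool
{
    return session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

$sample = '"> constructed sample'; // constructed input, mirrors the "Nama" example
echo render_name_field_unsafe($sample), PHP_EOL;
echo render_name_field_safe($sample), PHP_EOL;
```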