___________________________________________________
|
| Exploit Title: Subrion Cms Cross Site Scripting (XSS)
| Exploit Author: Ashiyane Digital security Team
| Vendor Homepage : https://subrion.org/
| Software Link: https://tools.subrion.org/get/latest.zip
| Version: 4.1.5
| Date: 2017 - 07 - 9
| Tested on: Kali-Linux /FireFox
|__________________________________________________

Exploit :
System
Server
Username" autocapitalize="off">
Password
Database" autocapitalize="off">

__________________________________________________

Vulnerable method : $_POST
Vulnerable File : /includes/adminer/adminer.script.php
Vulnerable code: line 367 : 372

loginForm(){global$Eb;echo'
System',html_select("auth[driver]",$Eb,DRIVER,"loginDriver(this);"),'
Server
Username
Password
Database" autocapitalize="off">
A
__________________________________________________

#patch: To fix this vulnerability, use the htmlspecialchars() function.
__________________________________________________

Discovered By : M.R.S.L.Y
__________________________________________________
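
The htmlspecialchars() fix named in the patch note, shown as an added example: this is not Subrion or Adminer code and does not come from the advisory author. The helper names attr, auth_field and render_login_fields are hypothetical, the field keys server, username and db are assumed from the form labels and the auth[...] naming shown above, and the POST data is constructed sample input.

```php
<?php
// Added example, not Subrion or Adminer code. Helper names are hypothetical;
// field keys are assumed from the labels and auth[...] naming in the advisory.

/** Escape a value for use inside a quoted HTML attribute or element text. */
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read one auth[...] field from POST data, accepting only plain strings. */
function auth_field(array $post, string $key): string
{
    $value = $post['auth'][$key] ?? '';
    // auth[db][]=x would arrive as an array; treat anything non-string as empty.
    return is_string($value) ? $value : '';
}

/** Render the login form inputs with every reflected value escaped. */
function render_login_fields(array $post): string
{
    $html = '';
    $fields = ['server' => 'Server', 'username' => 'Username', 'db' => 'Database'];
    foreach ($fields as $key => $label) {
        $html .= sprintf(
            "<label>%s <input name=\"auth[%s]\" value=\"%s\" autocapitalize=\"off\"></label>\n",
            attr($label),
            attr($key),
            attr(auth_field($post, $key))
        );
    }
    // The password is never echoed back into the page.
    $html .= "<label>Password <input type=\"password\" name=\"auth[password]\"></label>\n";
    return $html;
}

// Constructed sample input: a quote and angle brackets in one field,
// and an unexpected array in another.
$samplePost = ['auth' => [
    'server'   => 'localhost',
    'username' => 'root" data-x="<1>',
    'db'       => ['unexpected'],
]];
echo render_login_fields($samplePost);
```

With the escaping in place the quote and angle brackets in the sample username are emitted as HTML entities inside the value attribute, so the submitted text stays data and cannot add attributes or markup to the form.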