Campsite CMS - Remote Persistent Cross-Site Scripting

2010-07-15T00:00:00
ID EXPLOITPACK:7A589FAF8039F82043B8A9F464902C45
Type exploitpack
Reporter D4rk357
Modified 2010-07-15T00:00:00

Description

Campsite CMS - Remote Persistent Cross-Site Scripting

                                        
                                            #################################################################
# Exploit Title: Campsite CMS remote Persistent XSS vulnerability
# Date: 15th july 2010
# Author: D4rk357
# Critical:Low
# Contact:bd4rk357[at]yahoo[dot]in
# Software Link:bhttp://www.sourcefabric.org/en/home/web/78/Demo--Documentation.htm?tpl=18
# Greetz to:bb0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant
# Shoutz to: http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
##############################################################################

Login as Admin into the website .

GO to administration>Articles>Edit articles or any other option .

In heading or content type <marquee><h1>XSS3d By D4rk357</h1><marquee> .
  
  On the other hand a user using this CMS can upload a persistent XSS in this site while 
  submitting a article using same method. 
  
 ##################################################################################
 #D4rk357