John CMS 5.1 Cross Site Scripting

2013-09-08T00:00:00
ID PACKETSTORM:123136
Type packetstorm
Reporter DevilScreaM
Modified 2013-09-08T00:00:00

Description

                                        
                                            `#Exploit Title : JohnCMS 5.1 Persistent XSS Vulnerability  
#Author : DevilScreaM  
#Date : 08/09/2013  
#Category : Web Applications   
#Vendor : http://johncms.com/  
#Product Link : http://johncms.com/download/?cat=481  
#Version : 1.0 - 5.1  
  
#Dork   
intext:Powered by JohnCMS  
  
#Vulnerability : Persistent XSS Vulnerability  
#Tested On : Windows 7 32 Bit, Windows XP (Mozilla & Chrome)  
#Greetz : Newbie-Security.or.id  
  
  
Persistent XSS Vulnerability  
  
1. Register on the site at http://site/registration.php  
  
2. After registering, go to the Forum (http://site/forum/)  
  
3. Select a sub-forum and click New Topic  
  
4. In the "Tags" field, input your XSS  
  
Example <h1>Tested by DevilScreaM</h1>  
  
  
Screenshot at New Topic  
  
http://i43.tinypic.com/6o2xad.png  
  
==============================================================================  
  
Example XSS  
http://www.waptok.asia/forum/index.php?id=298  
http://www.waptok.asia/forum/lol123_298.html  
`
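
A defensive counterpart to the steps above, added here as an example and not taken from the advisory or from JohnCMS's code: the forum "Tags" value is allowlisted before storage and HTML-encoded on output. The function names, the comma-separated tag format, the length and count limits, and the `tag` CSS class are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the advisory does not show JohnCMS's own tag handling.
// Assumption: tags are submitted as one comma-separated string.

/** Input side: keep only plain-text tags before they reach storage. */
function normalize_tags(string $raw, int $maxTags = 10): array
{
    $clean = [];
    foreach (explode(',', $raw) as $tag) {
        $tag = trim($tag);
        // Allowlist: 1-32 letters, digits, spaces, '_' or '-'. Markup
        // characters such as < > " ' & never match; invalid UTF-8 makes
        // preg_match() return false, which is rejected as well.
        if (preg_match('/^[\p{L}\p{N} _-]{1,32}$/u', $tag) !== 1) {
            continue;
        }
        if (!in_array($tag, $clean, true)) {
            $clean[] = $tag;
        }
        if (count($clean) >= $maxTags) {
            break;
        }
    }
    return $clean;
}

/** Output side: encode every tag for the HTML context it is written into. */
function render_tags(array $tags): string
{
    $items = [];
    foreach ($tags as $tag) {
        $items[] = '<span class="tag">'
            . htmlspecialchars((string) $tag, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</span>';
    }
    return implode(' ', $items);
}

// Constructed sample input, using the markup string from the advisory.
$submitted = 'news, <h1>Tested by DevilScreaM</h1>, php-tips';
$stored = normalize_tags($submitted);
echo render_tags($stored), PHP_EOL;

// A row saved before the input check existed is still rendered as inert text.
echo render_tags(['<h1>Tested by DevilScreaM</h1>']), PHP_EOL;
```

Output encoding in `render_tags()` is the control that neutralizes values already stored in the database; the input allowlist is defense in depth on top of it.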