{"type": "zdt", "lastseen": "2016-04-20T01:49:22", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "Tendoo CMS 1.3 - XSS Vulnerabilities", "published": "2015-07-30T00:00:00", "href": "http://0day.today/exploit/description/23941", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for php platform in category web applications", "hash": "4937ed35b367095cba4ee8aa3c4845f5e0719f5431c2b739e693e40302cdff40", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "# Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability\r\n# Google Dork: N/A\r\n# Date: 28/7/2015\r\n# Exploit Author: Arash Khazaei\r\n# Vendor Homepage: http://tendoo.org/\r\n# Software Link: http://sourceforge.net/projects/tendoo-cms/\r\n# Version: 1.3\r\n# Tested on: Kali , Windows\r\n# CVE : N/A\r\n# Contact : 0xclay@gmail.com\r\n \r\n######################\r\nIntroduction :\r\na Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMS\r\nMake CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... .\r\n######################\r\n \r\nStored Xss In http://localhost/tendoo/index.php/account/update In First\r\nName and Last Name Inputs\r\nExcute Java Script Codes And If Admin Or Any Body Come In Attacker Profile\r\nWhen First Name And Last Name Loads\r\nJavaScripts Code Will Be Excuted\r\nPOC :\r\n \r\nhttps://i.leetfil.es/e992ad2d.jpg\r\n \r\nReflected Xss In http://localhost/tendoo/index.php/account/update?info=\r\nInput Make Execute JavaScripts Codes\r\nPOC :\r\nhttps://i.leetfil.es/454570b1.jpg\r\n \r\nYou Can See Javascript Alerts In Pictures .\r\n \r\nDiscovered By Arash Khazaei\n\n# 0day.today [2016-04-20] #", "id": "1337DAY-ID-23941", "sourceHref": "http://0day.today/exploit/23941", "modified": "2015-07-30T00:00:00", "reporter": "Arash Khazaei", "enchantments": {"vulnersScore": 4.3}}