{"id": "1337DAY-ID-23941", "bulletinFamily": "exploit", "title": "Tendoo CMS 1.3 - XSS Vulnerabilities", "description": "Exploit for php platform in category web applications", "published": "2015-07-30T00:00:00", "modified": "2015-07-30T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/23941", "reporter": "Arash Khazaei", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-01-03T15:10:57", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for php platform in category web applications", "edition": 1, "enchantments": {"score": {"modified": "2016-04-20T01:49:22", "value": 4.3}}, "hash": "57cf7b7e9efb4036b109c43122d2627e064596d672c2fa8c0a964466d90e8dae", "hashmap": [{"hash": "14609a06e0dd9c213d95e683bb9797b8", "key": "href"}, {"hash": "2bae9ccf27ecef9510e7896b4e51571e", "key": "title"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "17349f1b1e2a055ccd1d9afb78ddc399", "key": "modified"}, {"hash": "17349f1b1e2a055ccd1d9afb78ddc399", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "ab901e06d3be5c19ba161d1de1eb4348", "key": "reporter"}, {"hash": "cd6491e075798b395e1ab2ba31af563c", "key": "sourceHref"}, {"hash": "41acbfaba255733bf214cfb03706ef1e", "key": "sourceData"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}], "history": [], "href": "http://0day.today/exploit/description/23941", "id": "1337DAY-ID-23941", "lastseen": "2016-04-20T01:49:22", "modified": "2015-07-30T00:00:00", "objectVersion": "1.0", "published": "2015-07-30T00:00:00", "references": [], "reporter": "Arash Khazaei", "sourceData": "# Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability\r\n# Google Dork: N/A\r\n# Date: 28/7/2015\r\n# Exploit Author: Arash Khazaei\r\n# Vendor Homepage: http://tendoo.org/\r\n# Software Link: http://sourceforge.net/projects/tendoo-cms/\r\n# Version: 1.3\r\n# Tested on: Kali , Windows\r\n# CVE : N/A\r\n# Contact : 0xclay@gmail.com\r\n \r\n######################\r\nIntroduction :\r\na Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMS\r\nMake CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... .\r\n######################\r\n \r\nStored Xss In http://localhost/tendoo/index.php/account/update In First\r\nName and Last Name Inputs\r\nExcute Java Script Codes And If Admin Or Any Body Come In Attacker Profile\r\nWhen First Name And Last Name Loads\r\nJavaScripts Code Will Be Excuted\r\nPOC :\r\n \r\nhttps://i.leetfil.es/e992ad2d.jpg\r\n \r\nReflected Xss In http://localhost/tendoo/index.php/account/update?info=\r\nInput Make Execute JavaScripts Codes\r\nPOC :\r\nhttps://i.leetfil.es/454570b1.jpg\r\n \r\nYou Can See Javascript Alerts In Pictures .\r\n \r\nDiscovered By Arash Khazaei\n\n# 0day.today [2016-04-20] #", "sourceHref": "http://0day.today/exploit/23941", "title": "Tendoo CMS 1.3 - XSS Vulnerabilities", "type": "zdt", "viewCount": 0}, "differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T01:49:22"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc"}, {"key": "href", "hash": "b1c88b6103cad1a289e9f1b312f59ba0"}, {"key": "modified", "hash": "17349f1b1e2a055ccd1d9afb78ddc399"}, {"key": "published", "hash": "17349f1b1e2a055ccd1d9afb78ddc399"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ab901e06d3be5c19ba161d1de1eb4348"}, {"key": "sourceData", "hash": "9fe2c3abb6ff72e57a55f982d9ca3f2b"}, {"key": "sourceHref", "hash": "0399debb87dda93fc8702ea460d6f8a5"}, {"key": "title", "hash": "2bae9ccf27ecef9510e7896b4e51571e"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "hash": "02a8a9c3b78390737bcd67a87e5c554dbf0dce7489d7356a00f3141f9ca0b038", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "sourceHref": "https://0day.today/exploit/23941", "sourceData": "# Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability\r\n# Google Dork: N/A\r\n# Date: 28/7/2015\r\n# Exploit Author: Arash Khazaei\r\n# Vendor Homepage: http://tendoo.org/\r\n# Software Link: http://sourceforge.net/projects/tendoo-cms/\r\n# Version: 1.3\r\n# Tested on: Kali , Windows\r\n# CVE : N/A\r\n# Contact : [email\u00a0protected]\r\n \r\n######################\r\nIntroduction :\r\na Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMS\r\nMake CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... .\r\n######################\r\n \r\nStored Xss In http://localhost/tendoo/index.php/account/update In First\r\nName and Last Name Inputs\r\nExcute Java Script Codes And If Admin Or Any Body Come In Attacker Profile\r\nWhen First Name And Last Name Loads\r\nJavaScripts Code Will Be Excuted\r\nPOC :\r\n \r\nhttps://i.leetfil.es/e992ad2d.jpg\r\n \r\nReflected Xss In http://localhost/tendoo/index.php/account/update?info=\r\nInput Make Execute JavaScripts Codes\r\nPOC :\r\nhttps://i.leetfil.es/454570b1.jpg\r\n \r\nYou Can See Javascript Alerts In Pictures .\r\n \r\nDiscovered By Arash Khazaei\n\n# 0day.today [2018-01-03] #"}

{"result": {}}