Pulse Pro 1.4.3 – Persistent Cross-Site Scripting

  • 作者: Th3 RDX
    日期: 2010-10-24
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15308/
  • # Exploit Title: Pulse Pro 1.4.3 Persistent XSS Vulnerability
# Date: 24-10-2010
# Author: Th3 RDX
# Software Link: http://pulsecms.com/
# Version:1.4.3
# Tested on: Demo Site
# category: webapp
# Code : n/a
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Br0wn Sug4r,
Sid3^effects, L0rd CruSad3r,
 Sonic , r0073r(inj3ct0r.com)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R,
DarkL00k, G00g!3 W@rr!0r,
str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDIAN CYBER ARMY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

##############################################################################
%//

----- [ Founder ] -----

Th3 RDX

----- [ E - mail ] -----

th3rdx@gmail.com


%\\
##############################################################################

##############################################################################
%//

----- [Title] -----

Pulse Pro 1.4.3 Persistent xss Vulnerability

----- [ Vendor ] -----

http://pulsecms.com/
%\\
##############################################################################

##############################################################################
%//

----- [ Bug (s) ] -----

----- [ Persistent XSS ] -----

Proof of Concepts:
------------------

Step 1) Login into member or User Section

Link: http://pulsecms/demo/login.php

Step 2) Go to Blog [Manage Blog]

-[XSS Bug present in following]-

=> New Blog Post

-[XSS Code]-

=> '"--><script>alert(0x000872)</script>

Step 3) Enter your Attack Pattern to title of blog post or source

Step 4) Refresh and View your blog post on index page or post link.

Note:L The XSS Also remains in admin panel

%\\
##############################################################################

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=> PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam

=> c0d3 for motherland, h4ck for motherland

==> i'm worst than a useless <==
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.

Bug discovered : 24 October 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#
    Python