NetCat CMS – Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
22 阅读

作者： Security Effect Team

日期： 2012-10-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37994/

source: https://www.securityfocus.com/bid/56340/info

NetCat CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

NetCat CMS 5.0.1 is vulnerable; other versions may also be affected. 

http://www.example.com/?Ã¢â?¬â?¢ onmouseover=Ã¢â?¬â?¢prompt(document.cookie)Ã¢â?¬â?¢bad=Ã¢â?¬â?¢>

http://www.example.com/search/?search_query=Ã¢â?¬â?¢ onmouseover=prompt(document.cookie) bad=Ã¢â?¬â?¢

last Exploits
NetCat CMS – Multiple Cross-Site Scripting Vulnerabilities的更多信息

Cart Engine 3.0.0 – ‘task.php’ Local File Inclusion：
Ovidentia 6 – ‘id’ SQL injection (Authenticated)：
Metasploit Web UI < 4.14.1-20170828 - Cross-Site Request Forgery：
MiCollab 7.0 – SQL Injection：
Online Student Enrollment System 1.0 – Unauthenticated Arbitrary File Upload：
Dell Kace 1000 SMA 5.4.70402 – Persistent Cross-Site Scripting：
Helmet Store Showroom v1.0 – SQL Injection：
Queue Management System 4.0.0 – “Add User” Stored XSS：