Monthly Archives: July 2011
XSS vulnerability in the admin panel->static page->add new section. In html mode type the following string:
XSS vulnerability in admin panel->tags->manage tags section.
In the search box type in the following string:
The webpage is defaced with the following marquee on the screen.\m/
The exploit published here is just for educational purpose. 3psil0nLaMdA bears no responsibility whatsoever for the mis use of this.
Well guys, the demo of sphider.eu has a sql injection vulnerability.
The exploit is as follows.
* Persistent XSS vulnerability in CMSIMPLE 3.3
Google dork: Powered by CMSimple
published by: http://packetstormsecurity.org/files/author/8964/
After login to the demo with password=test, choose edit mode, and then, choose
html button in the toolbox, and write the below code, after clearing off the
existing code there. A pop up comes showing persistent xss vulnerability in the
PS: In the demo, as they have mentioned in the site, the write option to files
have been disabled, unlike fullversion. So, here we can only see the way the
script behaves in the layout which shows xss vulnerability, which shall be
persistent in the full version once the write permissions are allowed.
Thanks to side-effects for his valuable guidance and greets to taashu for her
love and support.