SilverStripe CMS persistent XSS vulnerabilities

Hi all,

Yet another bug found in the SilverStripe CMS. 🙂
DISCLAIMER: The publisher is in no way responsible if the information is used for any malicious intent.
SilverStripe CMS persistent XSS vulnerabilities
Vendor: http://demo.silverstripe.org
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.wordpress.com
Google dork: Powered by the SilverStripe Open Source CMS

* Persistent XSS vulnerability

The page title module of this CMS is vulnerable to persistent XSS.

Exploit:

PoC: http://imageshack.us/photo/my-images/341/silverstripe.png/

Greets to side-effects and Taashu 🙂


Posted on January 28, 2012.
