exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Fork CMS Cross Site Scripting

Fork CMS Cross Site Scripting
Posted Apr 18, 2013
Authored by Rafay Baloch

Fork CMS suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8c5fae34f52db9b2663429d8f941353d9efee87ca897544f51278843d7e9d2b8

Fork CMS Cross Site Scripting

Change Mirror Download
===================================================================================
Fork-CMS Stored XSS:

Stored XSS:

Author: Rafay Baloch

Introduction:

Cross Site scritping (XSS) has been a problem for ages, XSS occurs when the
input data is copied into application

responses without being sanitized properly. Normally their are three types
of XSS (Cross Site Scritping) attacks.

1. Non Persistent (REFELECTED)
2. Persistent (STORED)
3. DOM Based XSS

Impact:

- Stealing cookies (Since javascript is able to access document.cookie).
- Phishing attacks
- Spreading malware
- Taking over the entire browsers by exloiting the vulnerablities present
inside the browser.

Proof OF Concept:

The admin IDS input is not being sanitized properly. Therefore resulting in
a Stored XSS.

Payload: "><img src=x onerror=prompt(0);>

Target URL: http://demo.fork-cms.com/private/en/settings/index

Mitigations:

- Make sure any user input should be properly sanitized and should be
properly html encoded before
it's copied into application responses any time.

- Dangerous html characters should be replaces by corresponding html
entities before copied into the application response.
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close