Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: bt-21202.htm

CMS Buzz (XSS/PC/HI) Multiple Remote Vulnerabilities



CMS Buzz (XSS/PC/HI) Multiple Remote Vulnerabilities
CMS Buzz (XSS/PC/HI) Multiple Remote Vulnerabilities



#################################################################################################################
[+] CMS Buzz (xss/Change Password)Multiple Remote Vulnerabilities
[+] Discovered By xhaxkerx
[+] Vendor: http://www.c99.mobi
[+] Note : If you are The S3r!0uS  I say To Fuck you Because You are Hacked  Site Of My Best Friends dz-boys.com
[+] Demo:http://demo.cmsbuzz.com/
[+] Greeting : yasin
#################################################################################################################
Remote Changing Password:
+++++++++++++++++++++++++
1) You Must Register In ThE site http://www.victim.com/?action=register
2) Login
3) Go To url:
http:///www.victim.com/?action=profile&user= [ Name Of user ]
Example
http:///www.victim.com/?action=profile&user=admin
Change admin Password Then go To login http://path/?action=login
Cross Site Scritping
++++++++++++++++++++
http://www.victim.com/?action=search


#################################################################################################################
[+] CMS Buzz Cookie Grabber Exploit& HTML Injection
[+] Discovered By ThE g0bL!N
[+] Vendor:http://msbuzz.com/
[+] Fuck You The S3r!0uS
#################################################################################################################
PoC
--
[+] Make 2 files and upload to your host :
[+]cookie.php  - > Put in this File That Code:
 
[+]log.txt   - > CHMOD it 777 and put in the same directory with cookie.php

[+]Exploit:
   -------
1) Register in The SIte
2) Go to send message http://path/?action=compose
3)We Put in
  To:admin name
  Subject: Some Subject
Message: 
  The js code Worked When The admin Read The Message
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2) HTML Injection
+++++++++++++++++
1) Register :p
2) Go to send message http://path/?action=compose
3)We Put in
  To:admin name
  Subject: Some Subject
  Message: 1)XSS:PoC :
             ---------
2)Poc: Iframe :">
       -------------
3)PoC : Redirection:">"">>>>content="0;url=http://www.google.com/"> ""
     -------------------
DEMO:http://demo.cmsbuzz.com

# if you need shell http://www.c99.mobi/c99.txt

################################################################################################################


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH