Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: c07-1661.htm

CMS Made Simple non-permanent XSS



CMS Made Simple non-permanent XSS
CMS Made Simple non-permanent XSS



########################
# /||` \ | || \` / ||\ # 
#/ || |\\| ||` \/` || \#  
#\ || | \` || |\/| || /# 
# \||_|` \_||_|` |_||/ #
# http://www.nanoy.org # 
########################

Hacker.: NanoyMaster
CMS....: CMS Made Simple
Version: 1.0.2

[--------exploits----------]
1) Search XSS (non-permanent)
2) preview XSS (non-permanent)
3) Admin login XSS (non-permanent)
4) Outro

[--------------------[NM]--]
[-------1.Search XSS-------]
XSS in search eg:
http:////index.php?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=15&cntnt01searchinput=&cntnt01submit=Submit 

Patch: modules\Search\action.dosearch.php
Add the following to line 3:
$params['searchinput'] = htmlentities($params['searchinput']);

[--------------------[NM]--]
[------2.Preview XSS-------]
XSS in Preview eg:
http:////preview.php?tmpfile= 

Patch: preview.php
add the following to line 38:
$page = htmlentities($page);

[--------------------[NM]--]
[----3.Admin Login XSS-----]
Type in username:
">
then submit
(make your own post form for more than 15 chars)

Patch: http:////admin/themes//login.php 
Add the following near the top:


[--------------------[NM]--]
[----------0.Outro---------]
Well I hope you liked this whitepaper
Have fun screwing with sites that use this package
(Or patching your sites!)
Sorry only 2 holes were added, I'll try harder next time ;)
Check out my site: http://www.nanoy.org 
theres a few challs etc.

peace (^_^)___\/m
[--------------------[NM]--]


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH