Dragonfly CMS 9.0.6.1 and prior XSS

From: HeLiOsZ RooT (heliosz_timehotmail.com)
Date: Wed Aug 09 2006 - 08:32:52 CDT


## HeLiOsZ - Dark End Team - Internet Security Team
## Dragonfly CMS 9.0.6.1 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & http://www.darkend.org
## Risk : Medium
## Type : web applet

## Creator: http://www.cpgnuke.com/

## Exploit:
- The vuln is in the search section; it doesn't validate the input.
  To exploit this vuln you simply need an Internet browser; you must only use a cookie logger to get the Portal cookies.
  To know if it is vulnerable: <script>alert('This is an XSS Vulnerability')</script>

## Dork: Interactive software released under GNU GPL, Code Credits, Privacy Policy

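
The class of fix for the flaw reported above, shown as an added example that is not part of the original post and is not Dragonfly CMS code: a search term echoed into the page unchanged, next to the same output encoded for HTML, plus HttpOnly cookie settings that limit what a script can read. All function names, the `portal_session` cookie name and the sample markup are hypothetical.

```php
<?php
// Added illustration; not Dragonfly CMS source. Function names and the
// 'portal_session' cookie name are hypothetical.

// Vulnerable pattern: the submitted term is echoed into HTML unchanged,
// so any markup in the term is parsed by the browser.
function render_results_vulnerable(string $term): string
{
    return '<p>Results for: ' . $term . '</p>';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES covers both quote styles, so the value is also safe inside
// a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences.
function render_results_hardened(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Results for: ' . $safe . '</p>';
}

// Defence in depth against cookie capture: HttpOnly keeps the session
// cookie out of reach of document.cookie (options array needs PHP 7.3+).
function session_cookie_options(): array
{
    return [
        'expires'  => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: the probe string quoted in the advisory.
    $probe = "<script>alert('This is an XSS Vulnerability')</script>";
    echo render_results_vulnerable($probe), PHP_EOL;
    echo render_results_hardened($probe), PHP_EOL;
    // Where the session is issued (hypothetical $id):
    // setcookie('portal_session', $id, session_cookie_options());
}
```

Encoding belongs at the point of output rather than at input, so the stored or logged search term stays intact while every HTML sink receives the escaped form.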