Hileytech CMS Persistent XSS vulnerability
  • m0rph
    Posts: 332
    # Exploit Title: Hileytech CMS clientlogin.php Persistent XSS vulnerability
    # Google Dork: intext:"Designed & Maintained by Hileytech"
    # Date: April 6, 2011
    # Author: m0rph
    # Software Link: Comes with Hosting Service
    # Site: http://hileytech.com
    # Version: N/A
    # Tested on: Windows 7 Home Premium 64-bit

    --Description--

    Within the clientlogin.php page, a logged-in user has the option to update their address.
    Within the "Edit Address" section, an attacker may exploit a persistent XSS vulnerability
    through onmouseover= within paragraph tags.

    With the exception of the "State(US):" and "*Country:" fields, all other inputs can be exploited; however,
    this attack is limited to the user logged in, and the site administrator, as users cannot view other users'
    profile information.

    --PoC--

    <p onmouseover=alert(/XSS/)>Rollover for a Persistent XSS vulnerability</p>

    ---------------------------------------------------------------------

    enjoy the new google-dork
    while( !(succeed = try() ) );
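    An added example, not part of the advisory or of Hileytech's code: a hypothetical Python model of the profile page that renders stored address fields raw (the defect described above), next to a fixed version that HTML-encodes every untrusted value with html.escape, plus a small regex helper for spotting event-handler attributes in stored values during log review. The field names and the profile dict are assumptions.

```python
import html
import re

# Payload quoted in the advisory above, stored as the user's address value.
POC_PAYLOAD = '<p onmouseover=alert(/XSS/)>Rollover for a Persistent XSS vulnerability</p>'

# Hypothetical stand-in for the "Edit Address" form fields (assumed names).
ADDRESS_FIELDS = ("address1", "address2", "city", "zip", "phone")


def render_vulnerable(profile: dict) -> str:
    """Model of the defect: stored values are interpolated into HTML verbatim,
    so markup and event-handler attributes saved earlier run on every page view."""
    rows = "".join(f"<tr><td>{name}</td><td>{profile.get(name, '')}</td></tr>"
                   for name in ADDRESS_FIELDS)
    return f"<table>{rows}</table>"


def render_fixed(profile: dict) -> str:
    """Hardened version: every untrusted value is entity-encoded for the HTML
    element-content context before interpolation. html.escape(quote=True)
    encodes & < > " and ', so neither tags nor attribute breakouts survive."""
    rows = "".join(
        f"<tr><td>{html.escape(name, quote=True)}</td>"
        f"<td>{html.escape(str(profile.get(name, '')), quote=True)}</td></tr>"
        for name in ADDRESS_FIELDS)
    return f"<table>{rows}</table>"


# Detection aid for reviewing stored data or request logs: a raw tag carrying an
# inline on<event>= attribute has no business in a postal address field.
EVENT_HANDLER_RE = re.compile(r"<[^>]*\bon[a-z]+\s*=", re.IGNORECASE)


def contains_event_handler(value: str) -> bool:
    return EVENT_HANDLER_RE.search(value) is not None


def has_live_markup(rendered: str) -> bool:
    """True if the rendered page still contains an unescaped tag with an event
    handler, i.e. the stored payload would execute in a browser."""
    return contains_event_handler(rendered)


if __name__ == "__main__":
    profile = {"address1": POC_PAYLOAD, "city": "Springfield"}  # constructed sample
    print("vulnerable executes payload:", has_live_markup(render_vulnerable(profile)))  # True
    print("fixed executes payload:", has_live_markup(render_fixed(profile)))  # False
```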
  • Xin
    Posts: 3,251
    Nice find :) did it take you long?
    Xin
  • -Chosen-
    Posts: 3
    It really isn't difficult at all to find these XSS vulnerabilities.

    http://161.58.27.139/whois/lookup.php?d ... /script%3E

    -Chosen-
  • m0rph
    Posts: 332
    said:

    Nice find :) did it take you long?

    no man, it took like 5 minutes lol

    and -Chosen- stop trolling, from what I've seen from your posts that's all you know how to do
    said:

    You are NOT the author of this, I saw this down at Exploit-db, why can't you just give credit, you're not that knowledgeable on overflows anyways, unless you want to prove me wrong?

    -Chosen-


    OH RLY? u haz linkz?

    oh yeah, apparently you're an SQL-injecting master LOL @ banner grabbing
    said:

    Try to banner grab and find the running version so you can exploit it. You probably got these results from an NMAP scan, and I don't think you can exploit this.

    This only means that the root password of the database was not changed. You can try to use default logins for authentication.

    -Chosen-


    I'm pretty sure everyone knows about default logins, I also think you need a reminder of the rulez

    i. No Flaming (except in lounge)


    but nonetheless you're fun to play with :)
    while( !(succeed = try() ) );
  • Xin
    Posts: 3,251
    said:

    It really isn't difficult at all to find these XSS vulnerabilities.

    http://161.58.27.139/whois/lookup.php?d ... /script%3E

    -Chosen-

    I know it's not like the most common vuln, I was just asking for him.
    Xin